By: Tom Wither
The uninterrupted operation of our nation’s infrastructure is vital to our physical and economic security and our lives. It monitors generators producing power; controls valves that allow gas or oil to flow from well to refinery to pump; manages air, rail, and road traffic; and enables banks to process credit card transactions and business activities nationally and internationally.
In 2011, Rep. Mike Rogers, a Michigan Republican and then chair of the House’s Permanent Select Committee on Intelligence, put forward a bill called the Cyber Intelligence Sharing & Protection Act (CISPA). It was meant to allow for information sharing between the private sector and U.S. government as a means to ward off cyber attacks that could cripple the country’s infrastructure. But civil liberties groups and others roundly criticized the bill for its lack of provisions to protect privacy. The 2011 bill was amended, and in spite of passing the House in 2012 and 2013, it never passed the Senate; both bills died after referral to the Senate Select Committee on Intelligence.
Congressman C.A. Dutch Ruppersberger, a Maryland Democrat, last month reintroduced the 2013 version of bill, saying “we must stop dealing with cyber attacks after the fact.” He pointed to North Korea’s recent attack on Sony Pictures, which “cost the company millions of dollars.” Still, Internet privacy advocates and other critics are again viewing the bill as unfettered license for the government to collect private information at will.
They are wrong.
This bill, and the two versions passed by the House before it, do not authorize broad and unnecessary data collection, and the professionals in the intelligence community have no interest in such power.
The current CISPA bill requires the government to “reasonably limit the receipt, retention, use, and disclosure of cyber threat information associated with specific persons that is not necessary to protect systems or networks from cyber threats or mitigate cyber threats in a timely manner.” It also allows for monitoring by Congress, the Privacy and Civil Liberties Oversight Board and others, as well as specific language prohibiting intelligence agencies from using CISPA to expand surveillance of U.S. persons beyond existing law.