CISPA, the controversial bill intended to let Internet companies share information about users more freely with the government, has been passed by the House of Representatives. The bill has been touched up since its first appearance last year, but many remain suspicious after what they view as years of misguided tech legislation. Both outside critics and the White House have said CISPA is fundamentally unsound.
Lawmakers are seen as being out of touch with the realities of technology and the Internet, as widespread protest last year of bills like SOPA and PIPA attests. It comes as no surprise, then, that a bill derided by privacy advocates last year should face similar opposition when it is brought back now with only minor changes.
The Cyber Intelligence Sharing and Protection Act is meant to let Internet companies share information with the government for cybersecurity purposes. A company like Facebook or Twitter, for instance, may have info the government wants, like when a user logged in or where they were at a certain time.
The bill would facilitate sharing that data, but many believe it throws privacy protections out the window in the process. Critics say it amounts to the government deputizing private companies to do their surveillance for them.
Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, introduced the bill, H.R. 624, for the second time on Feb. 13. In its previous incarnation, CISPA also passed easily in the House, but then died in the Senate, under threat of presidential veto.
The reintroduced bill received several amendments in closed-door markup sessions and a few more on the House Floor; Rogers characterized these changes as providing additional oversight and further limiting the bill’s definitions and authorized applications. Co-sponsor Dutch Ruppersberger (D-Md.) said the adoption of these amendments “shows a true commitment to making our bill better and improving privacy and civil liberties protections.”
Not everyone agrees. “These amendments are window dressing,” Mark Jaycox, a Electronic Frontier Foundation policy analyst, told NBC News. The EFF is a non-profit digital rights group based in the United States.
The legislation hasn’t “addressed a lot of the core privacy complaints,” he said. “Companies collect this information every day — but they should not be encouraged with broad legal immunities to send it all to the government.”
He said that several amendments were actually proposed that would have improved the bill, but never adopted. One, for instance, would have required companies to take steps to strip personal information from their reports — something an industry representative said during a hearing on CISPA would be no trouble. Another amendment would remove what critics saw as blanket immunity for invasive data-gathering by companies.
In a hearing before House consideration of the bill, Rogers dismissed many of those reservations as uninformed, comparing critics to teenage basement-dwellers (a comment that quickly drew fire from opponents). He said the bill is supported by people who are in the know.
“The people who are in the business of prosperity on the Internet think this is the right approach … Once you understand the threat, and you understand the mechanics of how it works, and you understand that people are not monitoring [the] content of your emails, most people go ‘Got it, I’m in.'”
Many companies, from IBM to Verizon, do back CISPA, as does Comcast, the parent company of NBCUniversal, which NBC News. Prominent Internet companies Google and Facebook have not registered their support. Outspoken Reddit co-founder Alexis Ohanian has been especially vocal in his opposition.
HR 624, as CISPA is now known, passed the House 288-127 Thursday, with most of the opposition Democratic. But Jaycox said that the Senate blocked the previous legislation, and may do so again, possibly because the Senate has a bill of its own.
“There are some similar information-sharing bills with stronger privacy protections in the Senate,” he said, although none are as far along right now as CISPA.
Even if CISPA were to also pass the Senate, however, it’s unlikely to be approved by President Barack Obama. The White House issued a statement (PDF) Tuesday that the bill, as it is written now, would almost certainly be vetoed. “Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately,” the statement said, in part.
The next step is for the bill to be voted on by the Senate; Last year, the rejection was based on a bare majority: 52-46. It may be several months before the Senate considers the bill again.
Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.