Chief co-sponsors of the Cyber Intelligence Sharing and Protection Act (CISPA) Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD) defended their legislation in a conference call with reporters today, saying that any comparisons of CISPA to the currently-defunct Stop Online Piracy Act (SOPA) are entirely baseless.
Comparing CISPA to SOPA is like “apples and oranges,” said Rep. Rogers. “They are so completely different that there is just absolutely no comparison, number one. And one of the reasons we’re getting out, talking to people is for this very reason, so they understand that [the comparison] is apples and oranges. This bill is for something completely different. Everyone was worried about MP3 files and movies — this bill has nothing to do with that.”
CISPA, a cybersecurity bill, has inflamed the ire of the Internet in the past weeks, with hundreds of thousands of Web users voicing opposition to the bill. On Monday, Anonymous-branded hacktivists launched distributed denial of service attacks against the websites of USTelecom and TechAmerica, both of which have voiced support for CISPA.
Rep. Rogers also said that the types of intellectual property that CISPA is intended to target is that related to research and development, which US companies “spend billions of dollars on every year.”
Rep. Ruppersberger added that the bill also does not give the government the authority to shut down, or block access to, websites, as some critics have claimed.
“There is no censorship of websites, or shutting down of websites in this bill,” said Rep. Ruppersberger. “The government doesn’t have any authority to do that. And we are not involving ourselves in anyone’s personal computers, or anything of that nature. That’s clear. It’s not in the bill. And if it’s put out there that it is, that’s factually incorrect.”
While it is true that CISPA itself does not grant authority to the federal government to shut down websites, the government does have that authority, as we have seen in the cases against Megaupload and Bodog.com, both of which were taken offline for allegedly breaking US law — but not for posting threats to US-based networks or systems, which are the only scenarios covered by CISPA.
Moreover, the federal government has said that it has the authority to seize any domain that ends in .com, .net, or .org, as those domains fall under US jurisdiction because they are distributed by a US-based company, Verisign. So far, it is unclear whether information gathered under the authority of CISPA would or could be used as reason to seize domains, if that information is directly related to a cyber threat or a threat to national security.
As Reps. Rogers and Ruppersberger repeatedly pointed out during the call, information gathered under CISPA may only be used if it pertains to a cyber threat, or a threat to national security. So, if Facebook passes along information about one of its users evading taxes or robbing a liquor store under the auspices of CISPA, the federal government cannot act on that data, as it has nothing to do with a cyber threat, or a threat to national security. A new CISPA provision, which is currently under consideration, would make the government liable for damages, if it uses or gathers the information improperly. Furthermore, if any information passed along by a private company to the federal government that does not directly concern a threat to a network or system, or to national security, that company could be held liable, the congressmen said.
The congressmen also shot down claims that CISPA will be used to “spy” on private citizens, saying that the bill encourages private companies to strip out any personally identifiable information from the data that they share with the federal government, and that the sharing of information is entirely voluntary — there is no requirement in CISPA that private companies hand over information to the federal government, and the bill does not authorize the federal government to monitor or track private citizens or groups.
In short, said the congressmen, CISPA is simply intended to allow the federal government to more easily share classified information with the private sector, which is currently difficult or entirely prohibited. They also said that they believe CISPA is a necessary first step in protecting US companies and the critical US networks and systems from an attack, specifically an attack from a country like Russia or China.
“We believe that there will be a catastrophic cyber attack if we don’t start to put some protections in,” said Rep. Rogers. “We’re not talking about small groups, we’re talking about nation states who are engaged in attempts to shut down sections of the economy.”
Despite the fact that CISPA runs only 13 pages — extremely short, by House standards — and that it was worded to be easily read and understood, the bill raises many questions about its potential repercussions for the general public, and Internet users in particular. Much more was said during the call than we’ve covered here, and we will be providing a full transcript of the call soon, for anyone who would like to read an unedited version. We will also be reporting much further on CISPA, to make sure all the facts are out there before the bill goes up for a full vote during the week of April 23.