Privacy groups protest CISPA bill

Barely a day after the controversial legislation was reintroduced, opposition to the bill has already started

In what is turning out to be a repeat of last year, privacy rights groups launched an assault against the Cyber Intelligence Sharing and Protection Act (CISPA), barely a day after the controversial legislation was reintroduced in Congress on Wednesday.

The bill, sponsored by U.S. Reps. Mike Rogers, (R-Mich.) and C.A. Dutch Ruppersberger, (D-Md.), would bolster cybersecurity by enabling better threat information sharing between the private sector and the government. The law would provide a safe harbor against lawsuits and liability issues for private companies that share intelligence data with each other and with federal agencies, such as the Department of Homeland Security.

Advocacy groups Demand Progress and Fight for The Future claim they have already submitted more than 300,000 signatures from people opposing the bill via email and Twitter. The signatures have been delivered electronically to members of the U.S. House Intelligence Committee and more are being delivered electronically every hour, the two groups claimed in a statement.

According to Tiffany Cheng, a spokeswoman for Fight for the Future, the campaign to oppose CISPA began last Friday when the group first heard of plans to reintroduce CISPA. In total, more than 1 million signatures opposing the measure have been collected by several organizations, including the Electronic Frontier Foundation and Free Press, Cheng said. So far, a .pdf file containing 300,000 of those signatures has been sent to the House Intelligence Committee, she said.

In separate blog posts, rights advocacy groups the EFF and the Center for Democracy and Technology (CDT) expressed adamant opposition to the legislation and urged others to join the fight.

"In seeking to promote cybersecurity information sharing, CISPA creates a sweeping exception to all privacy laws," CDT president Leslie Harris wrote in CDT's blog. "It dismantles years of hard fought privacy protections for Americans."

CISPA was first introduced last year and was approved by the House of Representatives despite a hurricane of protests, including President Obama, who threatened to veto the bill if it landed on his desk.

The bill's supporters, which include nearly every major industry trade group, insist that the information-sharing provisions contained in CISPA are vital to their ability to fight new cyberthreats.

In testimony before Congress on Thursday, Paul Smocer, president of BITS, the technology policy division of the influential Financial Services Roundtable, called the bill essential to improving cybersecurity.

"Given the interconnected nature of cyberspace, institutions recognize that the strongest preparations and responses to cyberattacks require collaboration beyond their own companies," Smocer said in prepared testimony. "The ability to share information more broadly is critical to our response to future attacks."

Smocer downplayed the privacy concerns that have been raised over the bill and hinted that they stemmed from a lack of understanding of the information that companies are seeking to share with each other and the government.

"The reality is that the data being shared on threats are the technical details of malware, sources of malicious attacks and warnings of potential attacks (i.e. 'ones and zeros')," Smocer said.

"If we were comparing this to the world of physical crime, one could think of it as the sharing of ballistic data or modi operandi - information that does not relate to an individual, but that is important to understand both the criminal activity and to stop future risk."

A "Civil Liberties Talking Points" memo on the House Intelligence Committee's website also sought to dispel what the committee claimed were myths related to the legislation.

Privacy advocates, civil rights groups and academics, however, see a much darker side to the bill. Many of them contend the legislation creates or at least enables wide-ranging government surveillance of Internet users.

Their main concern is that the bill's language would allow a wide range of information, including personal data, personal communications and social media interactions, to be collected and shared with government agencies such as the DHS and the National Security Agency under the pretext of cybersecurity.

CISPA also overrides existing privacy law and would grant broad immunities against lawsuits and liabilities to participating companies, EFF policy analyst Mark Jaycox wrote in a blog post Wednesday.

Importantly, there are few transparency provisions in the legislation, Jaycox wrote. Information collected by private companies and provided to the government would be exempt from Freedom of Information Act requests, he noted. There is also nothing in the bill that would require companies to inform users if their information is shared with the government, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Gov't Legislation/Regulationfree pressregulationsecurityDemand ProgresstwittergovernmentintelFight for the FutureprivacyDepartment of Homeland Security

More about CDTEFFElectronic Frontier FoundationFinancial Services RoundtableNational Security AgencyTechnologyTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts