A tech trade group whose guiding lights include executives from Google, Microsoft, and Yahoo sent a letter to Congress this week in support of CISPA -- the Cyber Intelligence Sharing and Protection Act -- proposed cybersecurity legislation that's raised privacy concerns among groups such as the American Civil Liberties Union.
The letter, from TechNet President Rey Ramsey, is addressed to the leaders of the House Intelligence Committee -- Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D -Md.) -- and commends the committee for providing liability protections to companies that would share data under CISPA and for making an effort to strengthen privacy protections in the legislation.
CISPA is designed, its supporters have said, to protect against foreign cyberthreats by allowing private companies to voluntarily share data with government intelligence agencies without fear of being taken to court over privacy issues.
CNET's Declan McCullagh has noted that under existing federal law, any person or company who helps someone "intercept any wire, oral, or electronic communication" -- unless specifically authorized by law -- could face criminal charges, but that CISPA would overrule those privacy protections.
Tech trade groups, and some tech companies, are backing CISPA not because they necessarily adore it, but because they view it as preferable to a competing bill that's more regulatory.
Ramsey's letter includes the membership roster of TechNet's Executive Council, with names such as Yahoo's Marissa Mayer, Google's Eric Schmidt, and Microsoft General Counsel Brad Smith. It says CISPA "recognizes the need for effective cybersecurity legislation that encourages voluntary, bi-directional, real time sharing of actionable cyberthreat information to protect networks," but it implies that further work may be needed.
"As the legislative process unfolds," the letter says, "we look forward to continuing the dialogue with you and your colleagues on further privacy protections, including discussions on the role of a civilian interface for information sharing."
Beltway blog The Hill, which reported on the letter earlier, notes that privacy advocates want to see CISPA amended so a civilian agency such as the Department of Homeland Security would receive cyberthreat data first, before passing it on to an intelligence body such as the National Security Agency.
The ACLU has written that in its current form CISPA "empowers the military, including agencies like the NSA, to collect the Internet records of Americans' everyday Internet use" and that "It is a long-established principle that the military is not permitted to spy on Americans."
The primary reason CISPA is so contentious is that it overrides every other state and federal law on the books, including laws dealing with e-mail privacy, when authorizing companies to share data with the federal government. Data that can be shared includes broad categories of information relating to security vulnerabilities, network uptime, intrusion attempts, and denial-of-service attacks, with no limit on including personal data.
The House Intelligence committee, however, dismisses privacy fears. A "Myth v. Fact" paper (PDF) prepared by the committee says any claim that "this legislation creates a wide-ranging government surveillance program" is a myth.
CISPA won the committee's approval this week, without several proposed privacy amendments, including one that would have limited the sharing of private sector data to civilian agencies and would have specifically excluded the NSA and the Defense Department.
The committee's decision advances CISPA to the House floor, with a vote expected as soon as next week. It's a difficult vote to handicap: it could be a reprise of last year, when members approved the legislation by a vote of 248 to 168. On the other hand, if only 40 members switch their votes from yea to nay, CISPA is defeated.
Last time around, a formal veto threat by President Obama a day before the House vote helped galvanize Democratic opposition -- Democrats preferred their own legislation, which had a different set of privacy problems. But the White House has not responded to an anti-CISPA petition that topped 100,000 signatures a month ago, and the president's recent signature on a cybersecurity executive order may mean the administration's position on legislation has shifted.
Here's the text of Ramsey's TechNet letter, as published by The Hill:
April 10, 2013
The Honorable Mike Rogers
The Honorable Dutch Ruppersberger
U.S. House of Representatives
Washington, D.C. 20515
Representatives Rogers and Ruppersberger:
TechNet, the bipartisan policy and political network of technology CEOs that promotes the growth of the innovation economy, commends you for your work on cybersecurity and writes to express our support of H.R. 624, the "Cyber Intelligence Sharing and Protection Act of 2013."
This bill recognizes the need for effective cybersecurity legislation that encourages voluntary, bi-directional, real time sharing of actionable cyberthreat information to protect networks. We commend the Committee for providing liability protections to companies participating in voluntary information-sharing and applaud the Committee's efforts to work with a wide range of stakeholders to address issues such as strengthening privacy protections. As the legislative process unfolds, we look forward to continuing the dialogue with you and your colleagues on further privacy protections, including discussions on the role of a civilian interface for information sharing. The information technology industry has provided leadership, resources, innovation, and stewardship in every aspect of cybersecurity for more than25 years, as ultimately, innovation is the most important tool in America's cybersecurity toolbox. TechNet appreciates your continued attention to this important issue and the strong leadership that you have provided.
President & CEO
CNET's Declan McCullagh contributed to this report.