If there’s one thing Americans of all political stripes seem to agree on, it’s the need to thwart cyber-attacks on critical U.S. systems. Just this week, the Pentagon for the first time openly blamed China for hacking U.S. government computer infrastructure.
Yet a bill that would combat cyber attacks by enhancing information-sharing among government agencies and private companies is once again stumbling through Congress, its fate thrown into question by intra-Silicon Valley rivalries and a threatened White House veto. The Cyber Intelligence Sharing and Protection Act (CISPA) would permit information-sharing about possible cyber-security threats among government agencies and private companies. The main idea behind CISPA is that expanding the information flow would help disseminate and centralize information that is otherwise fragmented and siloed, which would help halt cyber-attacks. These attacks pose a threat to companies that own valuable trade secrets, not to mention some of the broader threats they pose to infrastructure and national security.
Amid what should be consensus, CISPA has divided the House and the Senate and has created rifts among technology giants. There has been major opposition to the bill by privacy and civil liberties organizations including the ACLU and Electronic Frontier Foundation. The ACLU characterized the bill as “an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose, even directly with military agencies like the NSA, without first stripping out personally identifiable information.” Technology companies themselves have split over the bill. On one side, Mozilla and the International Game Developers Association (IGDA) have opposed CISPA on the grounds that it does not sufficiently address privacy concerns and grants overly broad immunity to private companies and the government. On the other side, TechNet, an industry group whose members include executives from Google, Yahoo! and Microsoft, has expressed support for the bill as a protection for companies that balances privacy concerns, thanks to recent revisions to the bill. These revisions prohibit information-sharing for marketing purposes and limit which government agencies may serve as repositories for information, but they have not gone far enough to win over the bill’s critics.
On April 18, the House approved CISPA, but a week later the Senate announced that it would not be taking it up and instead planned to start over and draft new legislation. Then on April 30, the White House responded to a public petition against CISPA. The White House reiterated its support for information sharing designed to prevent cyber-attacks, but expressed continued concerns over privacy, with President Obama warning he will veto it because of the privacy concerns.
This bill could be an important tool to combat the theft of U.S. trade secrets. We know better than to handicap its odds of passage, but we will keep you posted as it advances—or dies, as it did last year.