ASNE opposes CISPA and other cybersecurity bills
After years of warnings about looming security threats on the Internet, cybersecurity has emerged as one of this year's key legislative issues. Unfortunately, the spate of legislation that has been introduced so far in the U.S. Congress has created grave concerns among civil liberties organizations and open government advocates. ...
After years of warnings about looming security threats on the Internet, cybersecurity has emerged as one of this year's key legislative issues. Unfortunately, the spate of legislation that has been introduced so far in the U.S. Congress has created grave concerns among civil liberties organizations and open government advocates.
The latest bill to set off alarms in the capital is H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), introduced by House Intelligence Committee Chairman Mike Rogers (R-Mich.-pictured). ASNE joined over 30 other non-profit organizations on a letter opposing CISPA that was sent this week to House members. Like the other cybersecurity bills introduced this year, CISPA is a black box: It would increase information sharing within the government, and between the private sector and the government, but it almost completely cuts off public access once the information is received by the government.
(ASNE has previously joined efforts opposing S. 2105, Sen. Joseph Lieberman's Cybersecurity Act of 2012; and S. 2151, Sen. John McCain's Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act.)
Much of the attention surrounding CISPA has focused on personal privacy concerns, since the bill encourages private companies facing cybersecurity threats to provide information to the government. The government is likely to receive a significant amount of personally identifiable information as a result, with no guarantee that the information will remain secure and free from abuse. We share the concerns of the personal privacy advocates who see great peril in this arrangement.
But our greater concern is transparency. CISPA and the other cybersecurity bills offer a wholesale FOIA exemption for almost all information that is collected by the government from private companies under the legislation. Sponsors argue that the private sector won't “buy into” these collective efforts without a FOIA exemption and immunity from liability. However, cybersecurity information is so broadly defined within the bills that information that should be publicly available will inevitably get swept up in the exemptions. Moreover, confidential trade secrets, information pertaining to an ongoing law enforcement investigation, and information that has been properly classified due to national security concerns are already exempt under FOIA.
The action around CISPA, which is scheduled to reach the House floor for a vote next week, picked up markedly yesterday. The Obama Administration issued a statement signaling its unease with the bill, and sponsors have been circulating a slightly revised version of the legislation. ASNE will continue to monitor the progress of CISPA and the other cybersecurity bills, and will oppose any efforts to blow a hole in the fabric of the Freedom of Information Act, which is vital to the health of our democracy.