Tech

Electronic sharing bill CISPA would violate rule of law, critics argue

Josh Peterson Tech Editor

A controversial cybersecurity bill in the House has critics worried that it would give technology companies facing cyberthreats the ability to share too much private information about their customers.

The Cyber Sharing and Intelligence Protection Act (CISPA), which was sponsored by House Permanent Select Committee on Intelligence Chairman Mike Rogers and Ranking Member Dutch Ruppersberger, seeks to authorize private companies and the Director of National Intelligence to share information about online threats.

Civil liberties advocates and security experts say the bill does not go far enough to protect Americans’ privacy.

“The bill establishes an information-sharing regime under which private sector entities may, but are not required to, share information with the government about efforts to gain unauthorized access to their computer systems,” former Dick Cheney chief of staff David Addington wrote this week. And while Addington believes the bill could help deal with the lingering treat of foreign powers stealing secrets from American computers, he thinks the bill needs to be fixed to address privacy concerns.

Addington says one section of the bill “actually affirmatively authorizes the government to make use of firearms sales records, tax return records, and medical records shared under the legislation” so long as it abides by rules set by the attorney general, homeland security director and national intelligence director.

The White House has already issued a veto threat should the bill reach President Obama’s desk, citing privacy and civil liberties concerns.

Ryan Radia, associate director of technology studies at Competitive Enterprise Institute, told The Daily Caller that the goal of CIPSA is to give companies broad legal immunity when sharing information, echoing a concern he and Berin Szoka, president of the tech policy think tank TechFreedom, have had about the bill for over a year.

“We’re worried about companies sharing information they think has to do with a cyberthreat, but they make a mistake,” Radia told The Daily Caller.

The two are worried that the bill violates the rule of law by providing companies blanket immunity against “any provision of the law” when sharing private customer information with the federal government.

The House Rules Committee rejected an amendment sponsored by Michigan Republican Congressman Justin Amash during discussion of the bill on Tuesday that would protect the freedom of contract, which maintains that private citizens and corporations can enter into contracts without government restrictions.

“They think companies will share less because their contracts will bind them, but I think that’s absurd,” said Radia, speaking of CISPA’s sponsors.

A vote on the bill is expected Thursday.

Follow Josh on Twitter