US Representative Edward J. Markey on Thursday called on fellow House members to reject a bill designed to bolster cyber security, saying it would fail to accomplish its goal and would compromise consumer privacy.
The House plans to vote Friday on the Cyber Intelligence Sharing and Protection Act (CISPA) , which would enable private companies to share electronic information with one another and with the federal government. Supporters argue the exchange of data — which could include customers’ personal information — will help businesses and the government guard against hackers from terrorist organizations and foreign governments.
But Markey and other lawmakers contend the bill is an affront to civil liberty and that its protective power is limited because information sharing would be voluntary.
Markey faulted the bill, sponsored by Republican Mike Rogers of Michigan and Democrat C.A. Dutch Ruppersberger of Maryland, for not requiring companies to report cyber attacks to the government. He noted that under the proposed law, a nuclear power plant aware of a computer worm that could cause widespread meltdowns would not have to notify others of the threat.
But, Markey asked, “Could companies share personal information about consumers with other companies, even if that information has nothing to do with cyber security? Yes! Would companies be free from liability if they share this personal information? Yes! Could the government use personal information to spy on Americans? Yes!”
In a statement ahead of House deliberations, the Obama administration raised similar concerns and said the president would veto the bill, if it reached his desk.
“The American people expect their government to enhance security without undermining their privacy and civil liberties,” the White House statement said. “Without clear legal protections and independent oversight, information sharing legislation will undermine the public’s trust in the government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections.”
Rogers and Ruppersberger have filed amendments to the bill that they say should assuage privacy worries. The changes would block the use of personal information for reasons unrelated to threats against government or business systems and networks.
Threat reporting to the government would remain voluntary.Callum Borchers can be reached at firstname.lastname@example.org. Follow him on Twitter @callumborchers.