Cybersecurity and Information Sharing (CISA/CISPA)
H.R. 624: Cyber Intelligence Sharing and Protection Act (CISPA) (introduced 2/13/13)
April 18, 2013
CISPA passed the House with 288 yeas and 127 nays.
April 15, 2013
The ALA joined with like minded groups to send a letter (pdf) to representatives in Congress asking that they oppose CISPA.
March 19, 2013
The ALA joined with like minded groups to send a letter to the White House asking that the President renew his promise to veto CISPA.
March 13, 2013
The House Committee on Homeland Security held a hearing: DHS Cybersecurity: Roles and Responsibilities to Protect the Nation's Critical Infrastructure.
March 11, 2013
A letter was sent to the House Permanent Select Committee on Intelligence regarding openness concerns with CISPA.
February 13, 2013
The Cyber Intelligence Sharing and Protection Act of 2013, H.R. 624 was introduced by Rep. Mike J. Rogers (R-MI) and cosponsored by Rep. C.A. Dutch Ruppersberger (D-MD).
Please see the ALA Washington Office's District Dispatch blog post titled Like a bad penny, CISPA has returned… for additional information.
February 12, 2013
President Obama released an executive order, Improving Critical Infrastructure Cybersecurity.
Please see the ACLU’s blog post, President Obama Shows No CISPA-like Invasion of Privacy Needed to Defend Critical Infrastructure for further information on the E.O.
ALA has communicated to the House of Representatives its opposition to H.R. 3523, The Cybersecurity Information Sharing and Protection Act of 2011, H.R. 3523. The ALA asked Congress to amend H.R. 3523 and move it toward a proper balance between our nation’s privacy laws and the need to fight cybersecurity threats. While the amendment passed 415 to 0 on April 26, 2012, the amendment did not include all of the proposed amendments that the ALA supported.
CISPA would permit corporations, like Google, Facebook, and AT&T, to share vast amounts of electronic communications and personal information with the government and, likely, even with other companies in the name of cybersecurity. ALA remains concerned that essentially all private communications could be obtained by the government and used for many purposes, even enforcement of copyrights.
The bill defines “cybersecurity purpose” as
[T]heft or misappropriation of private or government information, intellectual property, or personally identifiable information.
This bill would trump all current privacy laws including the forty-eight state library record confidentiality laws as well as the federal Electronic Communications Privacy Act, the Wiretap Act, the Foreign Intelligence Surveillance Act, and the Privacy Act.
Essentially, CISPA would establish a whole new system for our nation’s privacy laws and policies and legalize extraordinary intrusions into established privacy rights and civil liberties.
Like the bills “postponed” earlier: SOPA - H.R. 3261, The Stop Online Piracy Act and PIPA – S. 968, The Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011, CISPA raises major threats to our basic rights under the old bromides of cybersecurity and the surveillance needs of law enforcement.
Cybersecurity is a very serious, legitimate concern for our nation, libraries, library patrons and the public at large. ALA recognizes that legislation is necessary to clarify and create an appropriate regime for the government and the private sector to battle cyber-threats. But H.R. 3523 would permit, even require, these companies, ISPs and many entities to monitor all online communications and share personal information with the government without effective oversight just by claiming the sharing is for “cybersecurity purposes.” The government would be able to retain and use the shared information for other purposes as well.
While most libraries are not typically defined as ISPs (although some could be), ISP services are some part of the connections in most network or communication systems. The library consequences could relate to cloud computing, higher education networks, privatized libraries and networks, and network/vendor contracts - whether intended or not, leading us to assume that the public – and our library institutions, would be seriously affected.
Unfortunately, CISPA causes concerns beyond the privacy and civil liberties problems. Note the inclusion of “intellectual property” in the definition of “cybersecurity purpose” bringing back a wiff of SOPA and PIPA and their copyright problems for libraries.
ALA asks library activists to monitor the status of CISPA and the other cybersecurity bills as Congress proceeds in the coming days and weeks. Ongoing advocacy from library and privacy supporters is crucial if CISPA is to be defeated or drastically amended.
ALA has been working with a diverse coalition including the American Civil Liberties Union, the Electronic Frontier Foundation, the Center for Democracy and Technology as well as the Liberty Coalition, Openthegovernment.org, and the Rutherford Institute. As part of a shared campaign, there are a series of blogs, web pages, and other information about the cybersecurity legislation.