Article Lead Image

ACLU says CISPA fixes still won’t protect your privacy

The ACLU says proposed privacy amendments "do not address the fundamental problems" with the cybersecurity bill.


Kevin Collier


Posted on Apr 9, 2013   Updated on Jun 1, 2021, 7:02 pm CDT

The authors of the year’s most contentious Internet bill in Congress think they’ve allayed your privacy concerns.

But just like when this happened last year, privacy advocates don’t agree.

On Monday, Mike Rogers (R-Mich.), author of the controversial Cyber Intelligence Security Protection Act (CISPA) told reporters that he’d agreed to several amendments to the bill before it goes before the House of Representatives for a vote. He wanted to address privacy concerns, he said, especially considering the fact that the White House could veto the bill if it’s too invasive.

CISPA is meant to make it easy for companies that are being hacked to share what they know with government agencies. But opponents of the bill fear it will allow companies to handily bypass existing privacy laws, and, in the event of an attack on their networks, openly share individuals’ personal information with the government.

The text of the amendments isn’t yet public, but the biggest change appears to be removing a clause that would allow the government to use information acquired through CISPA for any “national security purposes.”

The American Civil Liberties Union (ACLU) remains skeptical.

“We haven’t seen text, but going on the general description reported in the press, they do not address the fundamental problems with the bill,” Michelle Richardson, the ACLU’s cybersecurity and privacy lobbyist, told the Daily Dot. The biggest concerns, “like lack of civilian control of domestic Internet programs and preventing companies from sharing personal information,” appear to be untouched by amendments, she said.

During CISPA’s initial draft stages in 2011, the bill’s other author, Dutch Ruppersberger (D-Md.), consulted with the ACLU on how to maintain user privacy. They couldn’t come to an agreement. When reintroducing the bill in February, Ruppersberger touted that he’d “listened to the privacy groups,” and specifically named-dropped the ACLU. In response, Richardson tweeted  “But they didn’t fix [the privacy issues we highlighted] and we opposed [the bill]. Still do.”

CISPA, it’s worth noting, went through this same cycle of privacy concerns and proposed amendments when it was first being debated in the House in 2012. It ended up passing there, though no one picked it up in the Senate. Before that vote, though, Rogers amended the bill to say that the government could only use personal information gleaned through CISPA in five scenarios, including cases of suspected conspiracy to commit terrorism.

Last week, Rep. Adam Schiff (D-Calif.) said he planned to introduce his own amendment to the bill, calling for an automated system that would strip out “personally identifiable information” from the data companies hand over to the government.  CISPA’s sponsors haven’t publicly commented on that proposal.

The date isn’t yet set, but CISPA 2.0 will likely go before a House vote the week of April 15.

Photo of Ruppersberger via WIkimedia Commons

Share this article
*First Published: Apr 9, 2013, 2:22 pm CDT