Written by Jim Harper, Director of Information Policy Studies at the Cato Institute. Posted with permission from Cato @ Liberty.
A year ago, almost to the day, I blogged about a legislative package on cybersecurity being proposed in the Senate. “Soviet-Style Cybersecurity,” I called it, because of the “centralizing and deadening effect” it would have on the many and varied efforts to respond to the many problems lumped together as “cybersecurity.” President Obama’s new executive order, titled “Improving Critical Infrastructure Cybersecurity,” has similar, if slightly more sinister, qualities.
To understand my thinking in this area, you must first understand the concepts in a superlative law review article I first read when I was doing oversight of the regulatory process as a congressional staffer. “Administrative Arm-Twisting in the Shadows of Congressional Delegations of Authority” is by University of Flordia law professor Lars Noah. In it, he described the administrative practice of imposing sanctions or withholding benefits in order to elicit “voluntary compliance” from regulated entities. The upshot? There is no “voluntary” when businesses are repeat players or under ongoing supervision of an agency.
The cybersecurity executive order has arm-twisting all over it.
Nearly a week after the House of Representatives overwhelmingly passed the controversial legislation, it appears that the Cyber Intelligence Sharing and Protection Act — commonly known as CISPA — has been shelved, at least for now. Citing Internet privacy concerns, the Senate will not take up the bill, but will instead work on new legislation that addresses cyber attacks on the United States:
The Senate will not vote on a cybersecurity bill that passed the House earlier this month, according to two Senate staffers, dealing a blow to a measure that sparked opposition from privacy advocates and the White House.
Sen. Jay Rockefeller (D-W.V.), who is chairman of the Senate Commerce Committee, “believes that information sharing is a key component of cybersecurity legislation, but the Senate will not take up CISPA,” a committee staffer told HuffPost.
A staffer for the Senate Intelligence Committee said the committee also is working on an information-sharing bill and will not take up CISPA.
“We are currently drafting a bipartisan information sharing bill and will proceed as soon as we come to an agreement,” Sen. Dianne Feinstein (D-Calif.), chairwoman of the Senate Intelligence Committee, said in a statement Thursday.
The White House had already issued a veto threat on CISPA, citing privacy concerns, as ironic as that sounds given some of the things this administration has pushed. This is also quite similar to what happened last year when the House passed CISPA and it was killed by the Senate.
Despite a veto threat from the White House, the House of Representatives overwhelmingly passed the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that puts Internet privacy at risk:
The Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624, was approved in a 288-127 vote despite ongoing fears from some lawmakers and privacy advocates that the measure could give the government access to private information about consumers.
Ninety-two Democrats voted with Republicans in favor of the bill and just 29 Republicans opposed it. The bill secured enough votes to override a veto.
That’s greater support than last year, when a similar bill passed 248-168 with the support of 42 Democrats. Twenty-eight Republicans opposed that bill.
Click here to see how the representatives from your state voted.
While most agree that more needs to be done to protect the United States from hackers and other cyber threat, it needs to be done in a way that ensures Internet privacy. The bill, as currently, simply doesn’t go far enough to that end. The Electronic Frontier Foundation (EFF) recently noted that CISPA gives immunity to companies that improperly share data with the government.
It looks like President Barack Obama may finally come down on the right side of an issue. According to a statement released yesterday from the White House, President Obama has issued a veto threat over H.R. 624 — the Cyber Intelligence Sharing and Protection Act, which is more commonly known as CISPA.
“The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 in an effort to incorporate the Administration’s important substantive concerns,” read the statement from the White House. “However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.”
The “improvements” mentioned in the statement are the need for greater privacy protections than the bill currently provides for Internet users.
“H.R. 624 appropriately requires the Federal Government to protect privacy when handling cybersecurity information,” noted the statement. “Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government.”
Nearly two months have passed since President Barack Obama signed an executive order dealing with cybersecurity. This move reignited the debate over CISPA, controversial legislation that has some very severe implications for Internet privacy.
Yesterday, the House Intelligence Committee approved CISPA, paving a path for a final vote in the House some time next week:
The House Intelligence Committee passed a controversial cybersecurity bill on an 18-2 vote Wednesday.
The Cyber Intelligence Sharing and Protection Act, known as CISPA, is expected to be voted on in the House next week with a set of other cybersecurity-focused bills.
House Intelligence Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), the authors of the bill, expressed optimism that Wednesday’s markup vote signaled they have enough momentum to pass CISPA through the House, as it did last year.
While threats to infrastructure are very serious and should be addressed, Congress should be working for ways to protect Internet privacy and due process. That clearly has not been done with previous or current versions of CISPA. In fact, Declan McCullagh noted yesterday that amendments that were offered in committee that would have protected privacy were overwhelmingly voted down.
Don’t look now, folks, but the Cyber Intelligence Sharing and Protection Act (CISPA) is making a comeback thanks to President Barack Obama.
Between the end of 2011 and early 2012, online activists were able to raise a firestorm over legislation — Stop Online Piracy Act (SOPA), PROTECT IP Act (PIPA), and CISPA — that would have severely diminished Internet privacy. Thanks to the outcry, all three bills eventually died.
According to a report yesterday from The Hill, President Obama will on Wednesday sign an executive order — completely bypassing Congress, which is becoming an all too familar pattern with this White House — that will implement cybersecurity measures from against attack on the United States:
The White House is poised to release an executive order aimed at thwarting cyberattacks against critical infrastructure on Wednesday, two people familiar with the matter told The Hill.
The highly anticipated directive from President Obama is expected to be released at a briefing Wednesday morning at the U.S. Department of Commerce, where senior administration officials will provide an update about cybersecurity policy.
The executive order would establish a voluntary program in which companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government.
On Thursday, the United States Senate shot down so-called “cybersecurity” legislation in a mostly party line vote. Many Senate Democrats tried to hype up the bill as something that could prevent a worst-case scenario, but Republicans were concerned that it would put too much on businesses.
Sen. Ron Wyden (D-OR) noted that the bill was a trojan horse, explaining that “In its current form, the Cybersecurity Act does not sufficiently safeguard Internet users’ privacy and civil liberties, nor would it create the correct incentives to adequately protect the nation’s critical infrastructure from cyber threats.” Jim Harper, Director of Information Policy Studies at the Cato Institute, also explained that all the cybersecurity legislation would have done is create a headache for business and, as Wyden noted, put privacy at risk through data sharing with the federal government: