CISPA: online petitioners hope to scuttle Senate-bound cybersecurity bill

Hackers from the Syrian Electronic Army launched an attack on the Twitter profile of the Associated Press on Tuesday, and claimed, falsely, that two “Explosions” had gone off at the White House injuring President Obama.
The ruse sent the U.S. stock market tumbling, as investors lost $200 billion in several minutes of what we can only imagine looked something like Bane harrying stock exchange traders with drop kicks straight to the chest.
For congressional supporters of CISPA—the Cyber Intelligence Sharing and Protection Act—such an attack seems like validation of the bill’s call for stronger cybersecurity protections by enacting provisions ensuring liability protections for private companies that share cyber attack and threat information with the federal government.
But the bill, which passed the U.S. House last week, now sits unexamined in a U.S. Senate more concerned with gun control and immigration reform. As the AP reported:

The lack of enthusiasm in the Senate and objections by the White House mean that the legislation is in limbo despite an aggressive push by lobbyists representing nearly every corner of industry.

CISPA is stalled thanks to Senate indifference, not because of objections raised by privacy and civil liberties groups since the cybersecurity legislation was re-introduced in February.
Still, CISPA’s opponents protest on: CISPApetition.org has attracted more than 177,000 signatures and informs visitors that CISPA “gives private companies the power to share our private e-mails, tweets and Facebook messages with various government agencies.”

“CISPA works to protect the privacy of individuals,” said Democratic Congressman Dutch Ruppersberger in an interview with Technically Baltimore. Ruppersberger, co-sponsor of the bill and the ranking member of the House Intelligence Committee, represents Maryland’s 2^nd district, in which the U.S. Cyber Command and the National Security Agency are both located.
“It does not allow the government to … read your e-mails,” he said. “[Or] require companies to turn over personal information.”
Enemies of CISPA don’t buy it. More than 500 websites went “dark” Monday to protest CISPA passing the U.S. House. on April 18, even with an amendment added during Intelligence Committee hearings the week before the vote that requires the federal government to strip personally identifiable information from cyber threat data they receive from private companies.
“Despite a (good) fix that bars the government from using information under CISPA for any “national security” purpose … CISPA still contains loopholes for companies to directly hand potentially sensitive and personal private information to secretive intelligence agencies like the NSA,” said Mark M. Jaycox, a policy analyst with the Electronic Frontier Foundation, in an e-mail.
While the Department of Homeland Security’s cybersecurity center is directly responsible for any cyber threat information shared by private companies with the federal government, that information is still accessible by the NSA and a long list of other federal-level government agencies.
If CISPA is picked up by the Senate with any vigor, this will be the chief gripe of privacy advocates:

• An amendment that would’ve required private companies to remove personally identifiable information from cyber threat data prior to sharing that data with the federal government never made it into the version of the bill that cleared the House.

As the bill now stands, all CISPA does “is encourage companies to actively monitor information by giving them immunity to monitor and hand over [personal] information to the government,” said Jaycox.
Read Technically Baltimore’s series on the CISPA cybersecurity bill.