Ruppersberger's CISPA is back, and Obama is (kind of) into it - Technical.ly Baltimore

Civic

Jan. 22, 2015 8:42 am

Ruppersberger’s CISPA is back, and Obama is (kind of) into it

A bill that helps corporations share data with national intelligence agencies is either a key preventative measure or a “dangerous” cybersecurity overreach, depending on who you ask.
Rep. C.A. Dutch Ruppersberger (left) has long been an active voice on cybersecurity issues.

Rep. C.A. Dutch Ruppersberger (left) has long been an active voice on cybersecurity issues.

(Photo by Flickr user The U.S. Army, used under a Creative Commons license)

Updated with additional information from Ruppersberger spokeswoman Jaime Lennon. (1/26/15, 11:16 a.m.)

A Maryland Congressman is resurrecting his much-proposed, never-passed cybersecurity bill that would allow private companies and individuals to share data with intelligence agencies. This time is different for Rep. C.A. Dutch Ruppersberger (D-Baltimore), though, because of a White House proposal that looks awfully similar to what he’s been proposing for the past several years.

Shortly after the New Year, Ruppersberger re-introduced the Cyber Intelligence Sharing and Protection Act (CISPA). The new bill is identical to a version that was passed by the House last year.

The bill lays out a framework that would allow data sharing of potential threats between “protected entities,” which include corporations, government entities or others that either have a security clearance, or have shown that they can protect cyberintelligence. It also offers a measure of legal immunity to the companies who opt to share the data, essentially meaning they can’t be sued even if the data doesn’t turn out to be connected to a threat. 

In introducing the latest version, Ruppersberger, whose district includes the NSA headquarters at Ford Meade, invoked the recent Sony hack. He said the bill would help businesses “proactively prevent attacks” before they happen.

Past versions of the bill have run into opposition from privacy advocates, who argue that the network established by the bill could result in the government ending up with information that has nothing to do with cyber threats. In response, Ruppersberger told Technical.ly Baltimore in 2013 that the information won’t allow the government to monitor emails or computers, and that the sharing program is “entirely voluntary” for the companies.

One key player in seeing the bill through to passage, however, has changed sides — somewhat. 

Though the bill has passed the House in 2013, President Barack Obama threatened to veto it. He then issued an executive order on cybersecurity that allowed for one-way data information sharing from companies to the government, but didn’t authorize the network envisioned by CISPA.

Advertisement

In the wake of the Sony hack, the President’s thinking may have changed. At this week’s State of the Union, the President spoke about a package of legislative proposals that “encourages the private sector to share appropriate cyber threat information” with intelligence agencies, and offer “liability protection.” It even encourages the private sector to set up their own organizations, which will also receive the data that is shared.

Sound familiar? It does to the key players in the CISPA debate.

“The President’s proposal looks a lot like the bill I introduced along with former Republican Intelligence Committee Chairman Mike Rogers, the ‘Cyber Intelligence Sharing and Protection Act,’ a bill that has twice passed the House of Representatives with wide bipartisan margins,” Ruppersberger said in a statement released after the White House proposal came out. 

Ruppersberger said he mostly agrees with the proposal, but still wants to see a few additional issues ironed out as the President’s proposal makes its way through the legislative process. In other words, CISPA is still on the table.

According to spokeswoman Jaime Lennon, Ruppersberger disagrees with the President about how to remove Personally Identifiable Information (PII) from the data. Companies claim that removing the information would be expensive, and fear they will lose liability protection if they do it wrong, Lennon said. As a result, Ruppersberger advocates that the government remove the info. Under the White House proposal, the companies would remove the PII, and liability protection is contingent on the removal of the data.

Ruppersberger also has concerns about Obama’s proposal for targeted liability protection for sharing data with the National Crime Information Center.

“During our due diligence, many companies argued against this because it means they can no longer go through FBI, Secret Service, etc., even if they have a pre-existing relationship,” Lennon said in an e-mail.

With these issues outstanding, CISPA is still on the table. However, Ruppersberger said he is willing to work through the issues.

The Electronic Frontier Foundation, a consistent critic of CISPA, also saw the similarities, and couldn’t help but point out Obama’s past position.

“Given that the White House rightly criticized CISPA in 2013 for potentially facilitating the unnecessary transfer of personal information to the government or other private sector entities when sending cybersecurity threat data, we’re concerned that the Administration proposal will unintentionally legitimize the approach taken by these dangerous bills,” a Foundation statement said.

You must appreciate accurate, relevant and productive community journalism.  Support this sort of work from professional reporters with seasoned editors.  Become a Technical.ly member for $12 per month -30-
CONTRIBUTE TO THE
JOURNALISM FUND

Already a contributor? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Baltimore bought $20M in cyber insurance. Such policies are becoming more common

5 inspiring quotes from U.S. Rep. Elijah Cummings on education and opportunity

Xandr, AT&T’s ad company, partners with Baltimore’s clean.io

SPONSORED

Baltimore

Get to know SmartLogic’s culture of plants, podcasts and productive client relationships

Annapolis Junction, MD

Asymmetrik

FULL-STACK DEVELOPER

Apply Now

Annapolis Junction, MD

Asymmetrik

SOFTWARE ENGINEER

Apply Now

Annapolis Junction, MD

Asymmetrik

FRONT-END DEVELOPER

Apply Now

These 4 local accelerators won $50K in federal funding from SBA

Where cybersecurity fit into Gov. Hogan’s trade mission to Australia

Fearless wins federal funding to develop platform for Air Force mobile developers

SPONSORED

Baltimore

Entrepreneurs, think it’s too early to engage a legal partner? It’s not.

Philadelphia, PA

Vistar Media

QA Engineer

Apply Now

Philadelphia

Vistar Media

Sr. Software Engineer

Apply Now

Philadelphia

Vistar Media

Front End Engineer

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!