Rep. Dutch Ruppersberger (D-Md.) said he was targeted by hacker group Anonymous for co-authoring a cybersecurity bill that overwhelmingly passed the lower chamber this month.
The hacker group has made its disdain for the cybersecurity bill widely known. Last year, Anonymous took credit for crashing the websites of two major trade associations, USTelecom and TechAmerica, which supported the cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA).
The group has published a torrent of tweets criticizing the measure this year.
To this end, the Maryland Democrat said he decided not to ask other members to attach their names to the bill when it was first introduced in February, saying it helped shield them from pushback from opponents of the measure.
"I didn't want to put anybody who was going to support the bill ... to be subjected to those attacks in their districts, and calling and threatening and that type of thing, so we really decided to not get anybody on the bill right away and to educate people right to the end," he said.
Ruppersberger and House Intelligence Chairman Mike Rogers (R-Mich.) were the only two co-sponsors of CISPA when it was first introduced in February. Yet three days before the bill went to a vote on the House floor, 36 members from both parties signed on to co-sponsor the bill.
Despite the hacker group's threats, as well as a veto threat from the White House and outcry from privacy groups, CISPA passed the House this month on a 288-127 vote. The bill also passed the House last year, but went untouched in the Senate.
Compared with last year, CISPA received more than twice as many votes from Democrats this time around, with 32 Democratic members switching their "no" votes to “ayes.” The bill also secured enough votes to thwart a potential veto.
"We worked this bill hard and it took a lot of work, but paid it off," Ruppersberger said.
CISPA aims to remove the legal barriers that prevent companies from sharing information about cyber threats with the government in real time, so they can thwart cyberattacks faster. Under the bill, companies are granted liability protection from lawsuits if they share data about malicious source code and other cyber threats with the government.
Ruppersberger attributes the strong vote margin to the adoption of privacy-focused amendments to the bill, as well months of holding briefings to educate freshmen members about the intent of the CISPA.
"It takes a while, we could not talk anyone into [backing] it in one session," he said. "We had to keep doing it over and over."
In particular, Ruppersberger credits an amendment put forward by Homeland Security Committee leaders Michael McCaul (R-Texas) and Bennie Thompson (D-Miss.) for helping secure more votes from members that were concerned that the bill infringes on people’s privacy and civil liberties.
Privacy advocates and the White House opposed the bill, in large part, because it would allow companies to share cyber threat data directly with the National Security Agency (NSA) without being required to remove personally identifiable information from it. They believe a civilian agency, like the Department of Homeland Security (DHS), should receive that data before it gets passed on to the military, including the NSA.
McCaul and Thompson’s amendment proposed to establish a center within the DHS as the federal hub for cyber threat information-sharing efforts, and designated the Justice Department as the hub for all cyber crime information.
Ruppersberger said the amendment made it more likely that DHS, a civilian agency, would be the first recipient of cyber threat data from companies. However, Rogers received pushback from other GOP members for supporting the amendment, according to Ruppersberger, because they questioned DHS’s ability to take on the new role.
“He was going to get pushback, but I give him credit. He understood the more bipartisan [the bill] was, the better chance it had of passing in the Senate,” Ruppersberger said.
Both privacy groups and the White House said the changes to the bill were a step in the right direction, but didn’t go far enough to allay their underlying concerns with the bill.
“The McCaul amendment is an important step … but it's not ironclad language that the administration has endorsed,” said Michelle Richardson, a legislative counsel in the American Civil Liberties Union’s Washington office.
Following House passage of CISPA and a package of other cybersecurity-focused bills this month, the battle now heads to the Senate.
Senate Intelligence Committee leaders Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.) are currently crafting their own separate cybersecurity information-sharing focused bill.
“We're focusing on the Senate now,” Richardson said. “CISPA is not the starting point.”
But Ruppersberger says the strong vote CISPA received in the House sends a strong message to the Senate.
“We’re trying to protect Americans from theft and destructive attacks and I don’t see any wins until the president signs” a bill, he said.