New bipartisan House cybersecurity bill haunted by ghost of SOPA’s failure

A growing backlash from online activists has posed a threat to bipartisan House cybersecurity legislation that lawmakers thought was a slam dunk only a month ago. 

Lawmakers, fearing a reprise of the groundswell that blew up online piracy legislation earlier this year, have been quick to try to quell concerns over privacy and censorship.

Opposition to the anti-piracy bills — SOPA in the House and PIPA in the Senate — exploded in the span of a few days and killed both. Given the ability of online movements to quickly go viral, the angry statements of online activists have injected unpredictability into the cybersecurity debate.

“That’s a shadow hanging over any cyber legislation, unfortunately,” a Senate Democratic aide said of the fallout from the anti-piracy bills.

“There has been bipartisanship but what we’re starting to see erupt in the past week to two weeks is some of the same outside groups that weighed in against SOPA and PIPA are starting to do the same thing on the CISPA legislation, as its acronym is called on cybersecurity, saying its censorship again,” said Bruce Josten, executive vice president for government affairs at the Chamber of Commerce, which supports the legislation.

The 19-page bill, the Cyber Intelligence Sharing and Protection Act (CISPA), is sponsored by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.), the panel’s ranking member. It passed out of the Intelligence Committee in December by a vote of 17 to 1.

GOP leaders plan to pass the legislation through the House the week of April 23, which they have dubbed “Cybersecurity Week.”

It would allow the government to share classified intelligence with private companies to give them the information they need to protect themselves from cyber-attacks. Proponents say major U.S. companies lose valuable secrets to competitors in Russia and China through these attacks.

But critics say the bill as drafted is over-broad.

The American Civil Liberties Union has joined with online activists to battle the legislation.

“We think it allows companies to share way too much sensitive and private information with the government, everything from Internet use history to the content of emails. The way it’s drafted is a little broader than the way sponsors are saying,” said Michelle Richardson, legislative counsel at the ACLU.

The civil rights group will send a letter to Congress Monday stating their opposition. 

Online activists have compared the cybersecurity bill to the anti-piracy bills that provoked a strong pushback in January.

“The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse,” the Electronic Frontier Foundation said in a statement.

“It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property,” the group added.

Some activists have vowed retaliation in the form of coordinated computer attacks.

Anonymous, the loosely organized community of hackers that was allied with Wikileaks in 2010 and also opposed SOPA, issued an ominous warning through YouTube to supporters of the cybersecurity legislation.

A video flashing images of street protests warned “CISPA, the Cyber Intelligence Sharing and Protection Act of 2011, and those who have crafted this bill have become sworn enemies of Anonymous. … We will unleash the worst pain on those who threaten our existence.”

An attack by Anonymous earlier this week took down the websites of Boeing, TechAmerica and USTelecom with denial of service attacks. All three companies have issued letters of support for the Rogers-Ruppersberger bill.

The big question is whether Google and Wikipedia will step into the debate as they did to bury SOPA and PIPA.

Google collected more than 4 million signatures on an anti-SOPA petition in January.

A House Intelligence Committee staffer said criticisms leveled by the Electronic Frontier Foundation, the ACLU and other activists are not accurate.

“This whole canard about blocking websites is completely inaccurate," the staffer said. "It permits companies to identify, obtain and share cyber-threat information. There’s nothing about counter measures.”

Rogers and Ruppersberger held a conference call Wednesday with a coalition of outside groups and companies backing the legislation, reassuring them on the bill’s progress. More than 25 trade associations and companies have issued letters of support for the bill.

A Senate aide said the conference call was a sign that the bill is facing a rocky path to passage. A House aide, however, said the call was a routine update.

Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (I-Conn.) and Sen. Susan Collins (Maine), the ranking Republican on the committee, have also introduced cybersecurity legislation.

The senators worked with civil liberties groups to avert some of the criticisms entangling the House bill.

“It’s pretty different,” said Richardson, of the ACLU, in reference to the Senate bill. “It does include some important limitations for privacy purposes that are missing from the Rogers bill.”