Long-time tech advocate Rep. Zoe Lofgren (D-Calif.) is pushing back against a revived measure to facilitate cybersecurity information sharing between the public and private sector.
“I fear we may have taken the wrong lesson from these recent high-profile attacks,” Lofgren said in a statement Friday. “These attacks were not the result of a missed opportunity to share information, but rather caused by substantial and obvious security failures and a culture of treating cybersecurity as an after-thought.”
Rep. Dutch Ruppersberger (D-Md.) on Friday reintroduced his bill — known as the Cyber Intelligence Sharing and Protection Act (CISPA) — in an attempt to piggyback off the attention the recent Sony hack has brought to cybersecurity.
The measure passed the House last year but fell short in the Senate, felled by privacy advocates’ concerns that the bill enables more collection of Americans’ personal data.
Lofgren echoed these sentiments.
“CISPA's astonishingly broad and overly vague information sharing regime does more harm than good when it comes to Americans' privacy,” she said.
“Rather than introducing a bill which would allow private entities to share personal information, including the content of emails, for vaguely defined 'cybersecurity purposes,' we should be looking to promote proper cybersecurity practices as a foundational pillar of modern businesses.”
While a Republican majority in the Senate could boost CISPA’s 2015 odds, Ruppersberger is introducing the bill without last year’s co-sponsor, former House Intelligence Committee Chairman Mike Rogers (R-Mich.), who retired from Congress.
Term limits also forced Ruppersberger to lose his powerful spot as the top Democrat on the House Intelligence Committee. His replacement, Rep. Adam SchiffAdam Bennett SchiffOvernight Hillicon Valley — Hacking goes global Schiff calls on Amazon, Facebook to address spread of vaccine misinformation Spotlight turns to GOP's McCarthy in Jan. 6 probe MORE (D-Calif.), voted against the 2013 version of CISPA over its lack of privacy protections.
But in a statement Thursday, Schiff showed qualified support for the effort, saying the bill’s “defects are easily remedied.”
Lofgren believes the CISPA debate is missing the point.
“If we truly wish to protect the nation against cyberattacks through information sharing, we should encourage the government to disclose the previously unknown hardware, software and network vulnerabilities it discovers that leave our private companies vulnerable to bad actors,” she said.
Lofgren also pointed to the Secure Data Act, a bill that bars the government from requiring mobile phone companies create so-called "backdoor" security vulnerabilities into their devices. Sen. Ron WydenRonald (Ron) Lee WydenWant a clean energy future? Look to the tax code Democrats brace for toughest stretch yet with Biden agenda Lawmakers lay out arguments for boosting clean energy through infrastructure MORE (D-Ore.) is reintroducing the bill.
Passing such a measure “would bolster national security, economic security, personal privacy, and rebuild public trust,” Lofgren said.