What CISPA’s reintroduction actually means

For intelligence officials, CISPA is a critical step in encouraging the private sector to collaborate with the government against cyber threats. Any company that voluntarily hands over users’ information to any federal agency would earn liability protections from lawsuits and privacy complaints. Why does this matter? On the government’s view, these protections grease the skids between the private and public sector, making it more likely that time-sensitive information about threats and vulnerabilities would get to the right government agency at the right time.

For civil libertarians, this is nothing more than a dangerous expansion of the surveillance state. According to the digital rights advocacy group Access, CISPA “puts few limits on the transfer of personal user information that can be collected from private companies by the U.S. government all while creating broad liability protections for doing so.” Gizmodo’s Sam Biddle called it “the worst privacy disaster our country has ever faced.” Concerns like these stalled the prior versions of the bill in the Senate and even earned it the threat of a White House veto.

Could this time be different?

Probably not. For one thing, the reincarnated bill is a carbon copy of its failed predecessors. More importantly, Rep. Ruppersberger lost his Republican co-sponsor Rep. Mike Rogers, who retired from Congress last year. And term limits forced Ruppersberger to give up his ranking seat on the House Committee on Intelligence. The prognosis? GovTrack gives the bill a measly four percent chance of getting through committee and a one percent chance of being enacted. Faced with a large Republican majority, Ruppersberger himself conceded the bill’s fate: “I realize this is not going to pass in this form with me as a Democrat.”

So why reintroduce it?

“The reason I’m putting [the] bill in now is I want to keep the momentum going on what’s happening out there in the world,” Ruppersberger told The Hill. The congressman’s goal in re-upping the bill, he’s suggesting, is to remind the public of the perils of cyber threats.

Which would be a useful service indeed, were they any real risk of forgetting. But it has been a year of leaked emails and hacked accounts, culminating in the two highest-profile attacks to date: the breaches of the Centcom Twitter account and the Sony Pictures studio. The public is unlikely to forget attacks so public so quickly, especially when the president has been stumping on the issue for some time and is nearly certain to highlight it in the State of the Union.

With no Republican co-sponsor, little hope of passage and stiff opposition, it’s hard to see what Ruppersberger’s bill, in the end, will do — other than adduce column inches and campaign contributions for its sponsor. It doesn’t help Ruppersberger’s case, of course, that his district happens to be the site of NSA headquarters (earning him the label “the NSA’s personal Rep in Congress” from the industry blog TechDirt). Nor does his heavy dependence on the defense industry for campaign contributions do much to soothe the skeptics.

But put skepticism of Ruppersberger and his bill aside. The issue of cybersecurity has never had a higher profile, and some action on it is likely. CISPA is worth public scrutiny for what it tells us about the state of the debate. The manner in which the public’s private information can and could be shared with the government ranks as among the most urgent and complex issues of our time. And even if these debates tend to generate more heat than light, a fair hearing for both advocates and opponents of CISPA’s surveillance regime is long overdue. Those of us who have worried about the government’s overreach into our privacy — and about the private sector’s inability to tackle our cybersecurity on its own — should pay close attention.