Rep. Adam Schiff says the text is largely the same as the one last year. | REUTERS CISPA rebirth: Concerns remain

The controversial CISPA cybersecurity bill is back — and so is the battle as to whether it’s perilous for Americans’ civil liberties.

The authors of the so-called Cyber Information Sharing and Protection Act revived their measure this week with the insistence that it won’t result in a Web user’s private data landing in the hands of the feds. But there’s still a sense among some lawmakers and consumer groups that the bill lacks strong, proper legal checks.


“The text is largely the same as last year, and the concerns haven’t gone away,” said Rep. Adam Schiff (D-Calif.), who spoke with POLITICO after a hearing on the bill Thursday.

“The need to act certainly has intensified,” Schiff added, though he said nothing so far indicated to him “the challenges are insurmountable.”

CISPA emerged in 2012 as the House’s lead salvo in the broader cybersecurity debate. Its top backers, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), hoped to help the federal government and private sector share data in real time and better defend against crippling cyberattacks.

The bill, however, quickly proved divisive. While most of Washington coalesced around the need behind information sharing, some lawmakers and privacy hawks felt CISPA in particular would have granted government too easy access to Americans’ private information.

Rogers and Ruppersberger campaigned to address those criticisms through a series of amendments offered during floor debate — and in the end, they mustered enough support to pass their bill. But CISPA never even had the chance for floor time in the Senate, where lawmakers instead hoped to tackle information sharing as part of a broader bill focused on critical infrastructure. The White House, meanwhile, initially threatened to veto the House’s work — though the pledge came before any tweaks had been made.

As the debate begins anew in 2013, Rogers and Ruppersberger feel they have new momentum to advance CISPA through Congress. For one thing, the executive order signed by President Barack Obama on Tuesday handles one of the thorniest issues in the cyberfight — critical infrastructure — and eases some of the political pressure on Congress, Ruppersberger told POLITICO Thursday.

It doesn’t mean, though, that it’s smooth sailing ahead for CISPA supporters.

The American Civil Liberties Union and others have resumed sounding their alarms about the bill because it still lacks language explicitly requiring companies to strip personally identifiable information from any data exchanged through the program. That change has allies on Capitol Hill — including Schiff, who ultimately voted against CISPA in 2012.

Michelle Richardson, legislative counsel for the ACLU, said the bill requires further narrowing. “It seems like, while tech people say as a practice [that] we’re mostly scanning for known signatures or IP addresses we know are bad, there’s no limitation to that in the bill. It immunizes much broader behavior, and that could include sharing Internet records, content of communications, identifying information like a name associated with an account. All of that’s wrapped up in there — it’s all theoretically cyberinformation.”

The Obama administration itself raised that very objection in a Statement of Administration Policy issued before a vote on CISPA last year. While sources believe the White House opposed the bill chiefly because it didn’t address critical infrastructure, the administration nonetheless indicted CISPA for the absence of “sufficient limitations” on how data might be collected and used.

Those opponents also felt civilian agencies should have led the way, not the Department of Defense or the National Security Agency, and they believed there needed to be stronger language on how long data could be retained. The White House-backed Senate bill, by contrast, satisfied the ACLU and its allies — and the president’s new executive order appears to track closely to that plan.

The White House, however, did not comment Thursday on whether it strictly opposes the rebirth of CISPA. Spokeswoman Caitlin Hayden said the administration does not issue official statements “until bills are ready for the floor, so as not to prejudge the legislative process.”

She continued: “Our belief continues to be that information-sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections.”

Even so, all of those criticisms still hang ominously over CISPA as its backers prepare to return to cybersecurity in 2013. Rogers and Ruppersberger suggested there may be a tiny bit of wiggle room in the debate, but both lawmakers also stressed Thursday they believe the measure in its current form strikes the right balance.

“We’re going to continue both working with the White House, working with privacy groups, working with others,” Rogers told POLITICO. “We want a bill that people are comfortable with, that people fully understand what it does, not what they think it does, and then move it.”

Ruppersberger added, in a separate interview, “Right now, we feel this is the bill,” though he pledged there would be more consultation going forward.

Asked about the many differences that remain between CISPA and its Washington opponents, he replied: “Our job is to educate.”