CISPA Changes Show Power of Internet Advocacy

[Commentary] Last week CISPA, the cybersecurity information-sharing bill, passed the House. Though fundamentally flawed, the bill is very different from when it passed the House a year ago, demonstrating the power of a growing Internet advocacy community that sometimes underestimates its own influence. Two game-changing achievements stand out.

When CISPA was reintroduced this year, CDT and others pointed out that, once again, the bill allowed information shared with the government for cybersecurity purposes to be used for national security purposes unrelated to cybersecurity. In the face of criticism that this loophole would turn CISPA into a backdoor intelligence-gathering operation, the House Intelligence Committee amended the text to clearly prohibit such uses. Chalk up one significant victory for Internet advocacy. A second major flaw in the bill was that it would have changed decades of federal policy by shifting control over private sector cybersecurity programs to a super-secret military agency, the National Security Agency. Last year, in the face of criticism, the House leadership blocked any vote on the question of civilian versus military leadership. This year, in the face of ongoing advocacy about the dangers of giving a military agency the lead role in cybersecurity efforts for private sector networks, an amendment was allowed and passed. The amendment was poorly drafted and may not actually say what its sponsors or advocates intended, but there was no doubt that Members thought they were voting to reaffirm civilian leadership. There is no going back now. That House vote changed the dynamic of the debate. The lead Senate bill last year, and the White House, had already embraced civilian control. Any future cybersecurity bill must give the lead role to a civilian agency. A second significant victory for Internet advocates.