TECH
03/20/2013 01:38 pm ET Updated Mar 20, 2013

Web Giants Fight CISPA, Push Back Against Resurrection Of Cybersecurity Bill

Thousands of websites, including Craigslist and Reddit, demonstrated their opposition this week to a controversial cybersecurity bill, arguing the measure fails to protect the privacy of Internet users.

But as Internet activists wage an online battle against the Cyber Intelligence Sharing and Protection Act, the bill's chances of passing Congress the second time around remain uncertain, and some experts question whether CISPA goes far enough to protect the country from a potentially crippling cyberattack.

The websites opposing the bill broadcast an "action tool" on their sites Tuesday that allows users to send an automated message to their representatives in Congress. “CISPA is Back. This bill sacrifices privacy without improving security. We deserve both," the message says. Craigslist featured a link on its site that said: "Pro Privacy? Oppose CISPA."

The effort is being promoted by the Electronic Frontier Foundation and the Internet Defense League, an organization of Internet activists who led an online outcry last year that led to the defeat of anti-piracy legislation known as SOPA. The organizers said more than 30,000 websites participated Tuesday in the online protest.

The action marked the latest push by activists to rally public opposition to the bill, which was re-introduced in February by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) after it failed to pass Congress last year.

Last month, activists submitted 300,000 online signatures via email to the House Intelligence Committee, which is debating the legislation. This month, a petition urging the Obama Administration to prevent the bill from becoming law reached 100,000 signatures -- the necessary threshold to elicit a response from the White House.

The legislation would give businesses and the federal government legal protection to share data on cyber threats with each other in order to enhance the nation's cybersecurity. President Obama and many experts have warned that Congress needs to pass a cybersecurity bill because the nation's most vital computer systems are increasingly vulnerable to a cyberattack that could lead to severe economic loss, sustained blackouts or mass casualties.

But privacy and civil liberties groups oppose the House bill, arguing its definition of what data can be shared with the government is overly broad and fails to protect Internet users' privacy.

"The bill would allow companies to share private user information with the government in ways that are currently illegal, and provide legal immunity to companies that share information for vaguely defined 'national security' purposes," the Internet Defense League said in a statement Tuesday.

However, James Lewis, a senior fellow and director of technology policy at the Center for Strategic and International Studies, said such arguments are misleading. Under the current legislation, the government and companies would not share with each other the content of private emails, he said. Instead, a machine would search Internet traffic for patterns of "ones and zeros" in computer code that would signal a potential cyberattack, Lewis said.

House lawmakers are expected to vote on the bill in April. Several tech and telecom companies are backing the legislation, including AT&T, Verizon, Facebook and Microsoft.

But even if the House passes the legislation, it remains unclear how the Senate and White House will respond. Last year, the Senate never voted on the House bill. Instead, senators tried to pass comprehensive legislation known as the Cybersecurity Act of 2012.

That bill failed amid differences over how to enforce security benchmarks for companies that operate critical infrastructure, such as the power grid or water treatment plants.

Obama signed an executive order last month to protect government and businesses from what he called "the rapidly growing threat from cyberattacks." But senior administration officials have said the executive order was a "down payment" on what they hope will be congressional action this year.

Last year, the White House threatened to veto the House bill over privacy concerns, but the president has not made the same threat so far this year.

Even if the bill becomes law, it only fixes part of the problem, according to Lewis. About 25 percent of cyberattacks have never been seen before, meaning the information that's being shared between companies and the government may not prevent an attack, he said.

"It's like saying four people are trying to break into your house and I'll tell you about three of them," he said.

PHOTO GALLERIES
5 Ways Your Internet Freedom Is At Risk

CONVERSATIONS