Cyber Intelligence Sharing and Protection Act (CISPA)Friday May 04, 2012
Thank you for your comments about the cyber-security legislation that recently passed the U.S. House of Representatives. I appreciate your thoughts and concerns on this issue.
For years, foreign nations as well as our economic rivals have targeted the computer systems of both private businesses and our military forces in an attempt to steal intellectual property or attack our nation. In order to enable our military and businesses to adapt to and defend against these cyber attacks, Representatives Mike Rogers and Dutch Ruppersberger introduced H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA).
When I was elected to Congress, I swore to uphold the Constitution and protect this great nation from all enemies, both foreign and domestic. But I have always been skeptical of legislation that sacrifices our liberty to achieve security. For instance, one of the first votes I cast was to oppose the reauthorization of the USA Patriot Act, which I continue to believe chips away at the Constitution.
More recently, during the debate of the NDAA I was concerned that the bill did not adequately restrain the power of the President to indefinitely detain Americans and voted against that bill as well. If you look at my record you will see that, from fiscal issues to a growing federal bureaucracy, I have placed freedom and liberty at the forefront of my decisions.
With CISPA, I was worried that once again we were drafting legislation that would compromise our freedom for a promise of security. That is why I spent a lot of time reading the bill, studying the issues raised by this legislation and being briefed on the security concerns that our nation was facing. I have seen that the cyber-security threats are real.
However, I wanted to avoid the knee-jerk reaction to go beyond simply protecting our nation from these threats. Some in Congress wanted to create a whole new system of regulating business use of cyberspace and accumulate more power for government over the internet. My biggest concern was that if we did not protect our nation from a cyber-security attack, we would have a push in Congress for the creation of a new federal bureaucracy that would control and regulate internet activity.
Rather than creating a new federal bureaucracy, CISPA empowers government agencies and the private sector to more effectively protect their computer networks and intellectual property. The bill simply allows the government to share malicious source code with companies and individuals in America. In addition, the bill allows private entities to voluntarily share cyber threat information with the government. CISPA harnesses private sector drive and innovation to protect our intellectual property and sensitive information without increasing the size and scope of government.
When CISPA was originally drafted, it placed a great emphasis on security, but I and many others felt that it lacked privacy and civil liberties protections. Chairman Rogers took many of these concerns into account and modified the text of the bill to clarify that it did not grant the government new powers of censorship, monitoring, or the ability to take down controversial websites.
Even after these changes had been made, I was concerned that loopholes remained. I understand that the cyber threats facing our country are legitimate and dangerous threats to our nation's sovereignty. In an attempt to keep both our nation and our civil liberties secure, I and other Members of Congress introduced several amendments to CISPA to improve it further. Congressman Justin Amash and I introduced an amendment to prevent the government from using CISPA to receive library records, gun records and other information that it is currently prohibited from acquiring without a warrant. This amendment unanimously passed.
I supported five other successful amendments that each strengthened the privacy and civil liberties protections in CISPA: one that clarified that CISPA would not weaken public access to information under the Freedom of Information Act, one to more adequately define what "cyber-security threats" are covered in the bill, one to more strictly limit the purposes for which the government could use the information gathered under CISPA, one to limit the type of data that could be obtained and shared and one to set the bill's lifespan to a five year period.
Legislation that deals with national security must balance the twin Constitutional requirements to keep our nation sovereign and secure along with protecting privacy and civil liberties. Neither Constitutional goal is more important than the other. For this reason, once the amending process had produced a constitutionally sound bill that I believed secured the nation and protected our civil liberties, I voted in favor of CISPA. As always, I remain dedicated to protecting the civil liberties of all Americans.