President Obama does not usually accuse Republicans of being too hawkish. From ordering the killings of bin Laden and al-Awlaki to doubling troops in Afghanistan, Obama has been assertive with American power, and his re-election campaign talks far more about Afghanistan than Iraq. Yet breaking with those political dynamics, Obama has decided to prioritize civil liberties over claims of national security in an escalating battle with Congressional Republicans.
The issue is significant but largely obscure: a proposed bill, the Cyber Intelligence Sharing and Protection Act (CISPA), that would create new powers for technology companies and the government to gather and share information about American citizens. The information would include the kind of private data that is currently subject to warrants, which ensure some independent court oversight. And if a future president wanted to apply an aggressive interpretation of the bill, the powers might be invoked for massive surveillance with no link to national security.
Still, the legislation does aim at a real threat. The prospect of cyber attacks on infrastructure, government or companies inside the United States is at an all-time high. And Congress has been slow to update federal law on this score.
The National Security Act, which passed after World War II and governs today’s military and intelligence apparatus, has never been amended to address cybercrime. Meanwhile, substantial cyber attacks have recently occurred in Iran, Saudi Arabia, Estonia and India, to name a few examples. Richard Clarke, a respected former counterterrorism official and author of Cyber War: The Next National Security Threat and What to Do About It, argues that Internet service providers should play a larger role in filtering online activity for security threats.
That is part of the approach in CISPA, and companies like Facebook and Microsoft have backed the bill because it provides a framework for them to legally share threat information, both with other companies and the government.
Under current law, companies can be liable under private lawsuits for releasing certain customer data. That may sound like a relatively minor concern, but similar rules were a costly and significant priority for telecommunications companies in the battle over the NSA’s domestic surveillance program. (Congress ultimately granted them retroactive immunity, which helped shield the surveillance from legal oversight.)
CISPA defines threats so broadly, however, that it could amount to a privatized surveillance of all electronic communications—the emails people read and write, the websites they visit and even information stored privately online. “All private electronic communications could be obtained by the government [under CISPA],” argues the American Library Association, and used “for many purposes” other than security. Which brings us back to Obama.