It appears that the controversial H.R. 3523, Cyber Intelligence Sharing and Protection Act (CISPA), will go up for a vote in the House this coming week. Various privacy and civil liberties advocacy organizations have expressed concern over the legislation, which they say does not include sufficient protections for individuals' personal information and opens the door to government "cyber-spying" on American citizens.
In contrast, supporters of the legislation argue that it is necessary to combat a growing list of cyber threats against government and industry. Among those supporters are a number of corporations and industry trade associations. Most notable among these are well-known technology companies like Facebook, AT&T, Microsoft, and IBM, defense contractors like Lockheed Martin and Boeing, and industry associations like the CTIA, National Cable & Telecommunications Association, and the U.S. Chamber of Commerce.
As someone who researches and writes about the cybersecurity debate in the United States, I was particularly interested in one organization, the Cyber, Space & Intelligence Association (CSIA). I had not heard of the organization before, so my interest was immediately piqued and I began to do some research. Though the organization appears to be an industry association, the available evidence indicates that it is more likely an association of one.
The man behind CSIA is Richard Coleman. In addition to identifying himself as "chairman" of the organization, Coleman is also a fellow at the Potomac Institute for Policy Studies and a senior associate with the Washington, DC consulting and "governmental relations firm," Potomac Advocates.
But it would appear that Coleman is the only man behind the supposed industry association. There are a number of indicators that this is the case. First, the organization does not have a web presence, which is not the case for the other organizations supporting CISPA. Second, in his letter of support for CISPA, Coleman provided a contact email address that is a personal Gmail account instead of an email address associated with the organization. Third, the physical address provided for CSIA in the letter of support is a single family home that is personally owned by Coleman and located in a residential neighborhood of McLean, Virginia. Fourth, none of the cybersecurity experts that I asked had ever heard of the CSIA.
One of those industry insiders was Aaron Barr, former CEO of HBGary Federal. A search of Coleman's Gmail address reveals that he and Barr had been in contact in fall 2010 and that Barr attended an event organized by Coleman. Nonetheless, Barr said that he has never heard of CSIA.
But that email interaction with Barr does provide some clue as to CSIA's origins. In his emails to Barr, Coleman identified himself as "chairman" of "Cyber Fajitas & Margaritas," which Coleman describes on his Potomac Advocates profile as "a successful Government only Cyber leader dinner group." One of those dinner's in September 2010 included a speech by Vice Admiral (Ret) Mike McConnell, Executive Vice President of Booz Allen Hamilton, former Director of National Intelligence, former Director of the National SecurityAgency, and leading cybersecurity proponent.
Some time between September 2010 and September 2011, however, Coleman was promoted from chairman of a dinner group to chairman of his own industry association. But how does a one-man association based out of a private home in McLean, VA find its way onto a list of supporters that includes organizations like Facebook and Microsoft? One answer might be found in Coleman's campaign contributions, which includes donations to both co-authors of CISPA, Mike Rogers (R-MI) and Dutch Rupersberger (D-MD), as well as Lamar Smith (R-TX), the driving force behind SOPA.
The House Permanent Select Committee on Intelligence has provided a list of letters of support from various organizations. Providing such a list does two things. First, it allows for a level of transparency. The public is better able to know which powerful organizations in society are supporting this legislation. The inclusion of CSIA on this list sparks a number of basic questions: When was CSIA founded? Who does it represent? What are its mission and goals? What other cybersecurity policy initiatives does it support? Is it even a real organization? All of this remains unclear. Coleman has not responded to a request for information that I sent to the Gmail address that he listed in his letter of support.
Second, Congressional cosponsors of the bill use the list as evidence of CISPA's necessity and efficacy. If well respected organizations such as these support the legislation, then it must be a good idea. Or so the logic goes. But in this case, there is reason to believe that at least one of these organizations, CSIA, is not what it appears to be. The support of one man is not the same as support from an entire industry. At least in this one example, the implication is that there is actually less support for CISPA than its list of supporters would seem to imply. In turn, this raises a number of other questions: Did the House committee vet the letters of support before posting them to their website? Do they really know the organizations that are supporting the legislation? Are there other associations-of-one among the list of CISPA supporters?
In short, the public deserves to know which organizations are supporting this legislation, especially if it turns out that some of them are not what they appear to be.
Do you know more about the Cyber, Space & Intelligence Association? If so, please feel free to leave a comment.
[This piece is cross-posted from Forbes.com.]