Just months after the internet censorship bills SOPA and PIPA were taken off the floor, a new and similarly scrutinized bill, the Cyber Intelligence Sharing and Protection Act (CISPA) has passed through the House of Representatives and is on its way to the Senate. So, what's the bill all about, and does it really resemble SOPA? Let's take a look.
We wrote this back when CISPA first came about, but it seems like the bill that won't die. As of April 18th, 2013, CISPA has resurfaced and passed the House of Representatives, with a few minor differences.
The Basics of CISPA
If passed, CISPA would amend the National Security Act of 1947 to allow government agencies to swap customer data from Internet service providers and websites if that data is a threat to "cyber-security." On a basic level the bill is meant to provide a means for companies and the government to share information with one another to fight against cyber threats. These threats are defined as:
The term cyber threat information' means information directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from-
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information.
The information gathered can be used to obtain information for five express purposes:
Cybersecurity
Investigation and prosecution of cybersecurity crimes
Protection of individuals from the danger of death or physical injury
Protection of minors from physical or psychological harm
Protection of the national security of the United States
Essentially, CISPA makes it possible for private companies to share potential cyber threat information with the government if the government concludes it needs it for cyber security information (and vice versa) immediately, without a complicated process.
Why Technology Companies Are Supporting CISPA
The main reason companies are supporting CISPA is because it takes the pressure to regulate users off the private company (you can find a huge list of the key players and their positions over on ProPublica). CISPA transfers that role and responsibility over to a government entity. Effectively, it protects companies from being sued if they break their Terms of Service to hand over user information if it's deemed a threat to cyber security.
In Facebook's letter of support, Joel Kaplan, Vice President of U.S. Public Policy, puts the reason behind its support simply:
Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users. Through timely sharing of threat information, both public and private entities will be able to more effectively combat malicious activity in cyberspace and protect consumers.
CISPA transfers the burdensome task of regulating its users content and activity to a government entity and this makes a company's job simple. For instance, if you were posting code snippets of a proposed cyber attack on your private Facebook page the government could request the information and Facebook would be able to hand over every piece of information they have on you immediately. However, this is an entirely voluntary step. If Facebook said no, the government agency asking for the information would have to find another means to get the information. From a company's perspective, CISPA is an opportunity to share information about potential cyber attacks with a branch of the government that could act on it.
On the surface it's not that horrible of a thing, but activists worry about the language used in the bill and how it could be construed in a variety of ways to violate a person's privacy.
Why Technology Rights Groups Are Worried About CISPA
Much like SOPA, the wording in CISPA is broad and the broadness is the root of many of the concerns. A number of activists and rights groups have spoken out against the bill, including Anonymous who reportedly took down trade websites USTelecom and TechAmerica's in retaliation for their support. The White House has also threatened to veto the bill if it passes. Digital rights group The Electronic Frontier Foundation (EFF), issued a statement condemning CISPA's surveillance possibilities:
Hundreds of thousands of Internet users spoke out against this bill, and their numbers will only grow as we move this debate to the Senate. We will not stand idly by as the basic freedoms to read and speak online without the shadow of government surveillance are endangered by such overbroad legislative proposals.
The privacy implications of the broadly defined "cybersecurity threat" is the cause for concern among CISPA's opposition. It's feared the information gathered would be released too easily and would violate the Fourth Amendment because it offers a simple, warrantless means to acquire personal data.
Several other advocacy groups echo this sentiment, including the American Library Association, which has this to say:
The ALA is concerned that all private electronic communications could be obtained by the government and used for many purposes–and not just for cybersecurity activities. H.R.3523 would permit, and sometimes even require, Internet service providers and other entities to monitor all electronic communications and share personal information with the government without effective oversight by claiming the sharing is for "cybersecurity purposes.
CISPA could only be used if the government sees a cyber security danger in one of the five purposes mentioned in the first section above. Opponents to CISPA worry that those five reasons would still open the door to spying because they're broad enough to be applied to several different activities online.
It boils down to this: companies like Facebook and Microsoft are supporting CISPA because it's beneficial for them. The opposition is against it because it worries the bill could be used as a simple way to spy on people.
You can read the full text—including new amendments—of the Cyber Intelligence Sharing and Protection Act on the Permanent Select Committee on Intelligence's website and track its amendment progress to see if the language is tightened up as it heads to the Senate. If you find yourself against CISPA, civic organization Avaaz has a petition and Demand Progress has set up links to contact your representative.
Photo by Leremy (Shutterstock).