Home » Data Protection » Malware/Cybercrime

CISPA: Just the Facts

The Cyber Intelligence Sharing and Protection Act, or CISPA, would give private companies new ways to share information about cyber-threats

By Jared Newman

April 15, 2012 — PC World — Internet activists are sounding the alarms on the Cyber Intelligence Sharing and Protection Act, or CISPA, a bill that's headed for a vote in the U.S. House of Representatives.

CISPA would give private companies new ways to share information about cyber-threats with the U.S. government, and vice versa. Although its purpose is quite different from SOPA and PIPA--the anti-piracy bills that were protested out of Congressional consideration last January--CISPA has angered many of the same opponents due to its promise of broad new powers for the government. (The use of a catchy acronym probably helps, too.)

[Read the full text of the CISPA bill or a summary.]

But is CISPA really as bad as its detractors are claiming? Read on for a full explanation

The Basics on CISPA

CISPA would allow the U.S. government and private companies to communicate more freely about cyber-security threat information. The intelligence community would be allowed to share threat details with private companies, and companies would be encouraged to share their own knowledge, though doing so would not be mandatory.

Private companies would only be allowed to use information to protect themselves and their customers--not to gain a competitive advantage--and, in doing so, would be protected from lawsuits. The information shared would be exempted from public disclosure.

Arguments Against CISPA

Groups like the Electronic Frontier Foundation and the American Civil Liberties Union argue that CISPA is too broad. By using vague language, the EFF argues that companies could use the bill to filter content, monitor e-mails, and block access to websites. And, although the bill has little to do with SOPA and PIPA, it does define intellectual property theft as a type of cyberattack, raising concerns that content owners could use the bill to censor websites.

Critics also worry that the bill doesn't limit the type of information that can be shared. "We just want people to know that Congress is on the verge of giving the government incredible new authorities to collect sensitive and personal Internet information and emails," Michelle Richardson, a legislative counsel for the ACLU, told Politico.

The Sunlight Foundation notes that shared data between the government and businesses would be exempt from the Freedom of Information Act. "The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities. CISPA dismisses it entirely, for the core activities of the newly proposed powers under the bill," The Sunlight Foundation wrote in a blog post

In Defense of CISPA

The bill's sponsors, Reps. Mike Rogers, R-Michigan and Dutch Ruppersberger, D-Maryland, argue that the government wants to help companies fend off cyberattacks from foreign countries and hackers, but lacks the legal means to do so. CISPA would allow the government and businesses to communicate more freely.