CISPA: Just the Facts
The Cyber Intelligence Sharing and Protection Act, or CISPA, would give private companies new ways to share information about cyber-threats
By Jared Newman
April 15, 2012 — PC World — Internet activists are sounding the alarms on the Cyber Intelligence Sharing and Protection Act, or CISPA, a bill that's headed for a vote in the U.S. House of Representatives.
CISPA would give private companies new ways to share information about cyber-threats with the U.S. government, and vice versa. Although its purpose is quite different from SOPA and PIPA--the anti-piracy bills that were protested out of Congressional consideration last January--CISPA has angered many of the same opponents due to its promise of broad new powers for the government. (The use of a catchy acronym probably helps, too.)
But is CISPA really as bad as its detractors are claiming? Read on for a full explanation
The Basics on CISPA
CISPA would allow the U.S. government and private companies to communicate more freely about cyber-security threat information. The intelligence community would be allowed to share threat details with private companies, and companies would be encouraged to share their own knowledge, though doing so would not be mandatory.
Private companies would only be allowed to use information to protect themselves and their customers--not to gain a competitive advantage--and, in doing so, would be protected from lawsuits. The information shared would be exempted from public disclosure.
Arguments Against CISPA
Groups like the Electronic Frontier Foundation and the American Civil Liberties Union argue that CISPA is too broad. By using vague language, the EFF argues that companies could use the bill to filter content, monitor e-mails, and block access to websites. And, although the bill has little to do with SOPA and PIPA, it does define intellectual property theft as a type of cyberattack, raising concerns that content owners could use the bill to censor websites.
Critics also worry that the bill doesn't limit the type of information that can be shared. "We just want people to know that Congress is on the verge of giving the government incredible new authorities to collect sensitive and personal Internet information and emails," Michelle Richardson, a legislative counsel for the ACLU, told Politico.
The Sunlight Foundation notes that shared data between the government and businesses would be exempt from the Freedom of Information Act. "The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities. CISPA dismisses it entirely, for the core activities of the newly proposed powers under the bill," The Sunlight Foundation wrote in a blog post
In Defense of CISPA
The bill's sponsors, Reps. Mike Rogers, R-Michigan and Dutch Ruppersberger, D-Maryland, argue that the government wants to help companies fend off cyberattacks from foreign countries and hackers, but lacks the legal means to do so. CISPA would allow the government and businesses to communicate more freely.