Just months after the internet censorship bills SOPA and PIPA were taken off the floor, a new and similarly scrutinized bill, the Cyber Intelligence Sharing and Protection Act (CISPA) has been gaining momentum and support from big technology companies like Microsoft, Facebook, IBM, and others. Although the bill is fundamentally different than SOPA it raises many of the same privacy concerns. Let's take a look at the basics of how it might work and dig into why tech companies are currently supporting the bill.
The Basics of CISPA
If passed, CISPA would amend the National Security Act of 1947 to allow government agencies to swap customer data from Internet service providers and websites if that data is a threat to "cyber-security." On a basic level the bill is meant to provide a means for companies and the government to share information with one another to fight against cyber threats. These threats are defined as:
Information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from efforts to degrade, disrupt, or destroy; or theft or misappropriation of private or government information, intellectual property or personally identifiable information.
CISPA currently has over 100 co-sponsors in Congress and 28 corporate supporters. While CISPA's similarities to SOPA and PIPA (here's a refresher on both if you need it) aren't immediately visible, activists are claiming CISPA is a cause for concern.
The differences between CISPA and SOPA are pretty clear. CISPA makes it possible for private companies to share potential cyber threat information with the government if the government concludes it needs it for cyber security information (and vice versa). SOPA gave courts the power to remove DNS listings if a site was hosting copyrighted information. CISPA is more about security whereas SOPA was about intellectual property.
Why Technology Companies Are Supporting CISPA
The main reason companies are supporting CISPA is because it takes the pressure to regulate users off the private company. SOPA required private companies to keep track of what its users were doing and held private companies liable for its users. CISPA transfers that role and responsibility over to a government entity. Effectively, it makes it so a company cannot be sued by a user for handing their information over to the law.
Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users. Through timely sharing of threat information, both public and private entities will be able to more effectively combat malicious activity in cyberspace and protect consumers.
CISPA transfers the burdensome task of regulating its users content and activity to a government entity and this makes a company's job simple. For instance, if you were posting code snippets of a proposed cyber attack on your private Facebook page the government could request the information and Facebook would be able to hand over every piece of information they have on you immediately. However, this is an entirely voluntary step. If Facebook said no, the government agency asking for the information would have to find another means to get the information. From a company's perspective, CISPA is an opportunity to share information about potential cyber attacks with a branch of the government that could act on it. Where SOPA sought to block the rights of users and punish companies who allowed its users to do illegal things, CISPA offers companies a place to send that information to.
On the surface it's not that horrible of a thing, but activists worry about the language used in the bill and how it could be construed in a variety of ways to violate a person's privacy.
Why Technology Rights Groups Are Worried About CISPA
Much like SOPA, the wording in CISPA is broad and the broadness is the root of many of the concerns. A number of activists and rights groups have spoken out against the bill, including Anonymous who reportedly took down trade websites USTelecom and TechAmerica's in retaliation for their support. Digital rights group The Electronic Freedom Foundation (EFF), spoke out against CISPA last month in a statement that targets the broad language used in the bill:
The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines "cyber threat intelligence" and "cybersecurity purpose" to include "theft or misappropriation of private or government information, intellectual property, or personally identifiable information."
Yes, intellectual property. It's a little piece of SOPA wrapped up in a bill that's supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.
The language the EFF is referring to is in the bill's definition of cybersecurity and what constitutes a threat. The above example provided by the EFF is an extreme one, but the privacy implications of the broadly defined "cybersecurity threat" is the cause for concern among CISPA's opposition. On top of using CISPA to fight against piracy it's feared the information gathered would be released too easily and would violate the Fourth Amendment because it offers a simple, warrantless means to acquire personal data.
Companies like Facebook and Microsoft are supporting CISPA because it's beneficial for them to do so where SOPA could have potentially harmed their business. The opposition is against it because it worries the bill could be used as a simple way to spy on people.
You can read the full text (it's surprisingly short) of the Cyber Intelligence Sharing and Protection Act on the Permanent Select Committee on Intelligence's website and track its amendment progress to see if the language is tightened up over the coming weeks. If you find yourself against CISPA, civic organization Avaaz currently has over 600,000 signatures on a petition and Demand Progress has set up a link to contact your representative.
Republished from lifehacker.com