…but that doesn’t mean it’s necessarily a good thing, either. CISPA, which stands for Cyber Intelligence Sharing and Possession Act, focuses its sights on the prevention of cyber threats; SOPA was all about intellectual property. Critiques of SOPA (the Stop Online Piracy Act, which was preceded by PIPA, the Protect IP Act) were mainly focused on how it might violate the First Amendment because of the provision that internet service providers could have been able to block websites that contained material in violation of copyright laws. As seen on January 18th, when as many as 7,000 websites went dark in protest of SOPA, the vast majority of internet citizens and companies opposed the bill. In contrast, support for CISPA has been more divided.
So what does CISPA allow, in the name of increasing internet security and thwarting the efforts of cyber criminals? Private companies – read internet service providers and online entities such as Facebook – and agencies of the U.S. government – both military and intelligence – would be able to freely share any information that could be judged as relating to “cyber threats.” Companies who share private information would be protected from any liability for doing so as long as the data shared falls under the umbrellas of cyber security or national security. Furthermore, companies are not required to remove sensitive details from the information they share. All of this adds up to a bill that organizations such as the ACLU say could violate the Fourth Amendment, which protects citizens against unlawful searches and seizures.
The main problem with CISPA is that cyber threats and cyber security are both ill-defined terms. Overly broad language throughout the bill increases the likelihood that it will be abused and misused and that ordinary, law abiding internet users could have their confidential information placed in the hands of powerful governmental military and security agencies such as the NSA. Some proposed amendments would narrow the scope of the bill as well as placing limits on the type and amount of data collected; whether any of these amendments will pass in currently unclear. Another issue with the current incarnation of CISPA is that information may be retained indefinitely once gathered and distributed. In many ways, CISPA is analogous to the infamous Patriot Act, passed in the wake of September 11th with immense public support but reviled after closer examination.
Before dismissing CISPA entirely, its potential upsides need to be examined. By removing barriers to the flow of data related to internet security, private corporations would be able to collaborate without fear of liability to identify and eliminate vulnerabilities and flaws in their security plans. This could potentially increase the efficiency and effectiveness of response to security threats, ultimately benefiting the end users of online products and services. Companies such as Facebook and Microsoft have thrown their support behind CISPA for this reason. There could also be national security benefits. However, the general consensus appears to be that the potential for abuse and misuse of CISPA is currently too great, and that a serious reworking of the bill would be necessary for it to pass into law. President Obama has promised to veto the measure if it passes the Senate and ends up on his desk.
In the Senate, CISPA will go up against other internet security acts proposed by Sen. Joe Lieberman and Sen. John McCain. Whether or not vocal online protest and comparisons to SOPA will stop it remains to be seen.