The Cyber Intelligence Sharing and Protection Act (CISPA) is a cybersecurity bill that the House is to vote on next week. CISPA is a different creature than SOPA, the Stop Online Piracy Act that the tech and online community rallied against in January because it would have given digital-rights holders far-reaching powers to shut down websites that were deemed to “enable or facilitate” copyright infringement. As Timothy B. Lee writes on Ars Technica, while both bills seek in some way to limit the rights of internet users, their focus is different.
CISPA Is Not SOPA, But…
SOPA was concerned with intellectual property rights, and an early version of CISPA made mention of them. As Will Oremus writes on Slate, the bill’s bipartisan sponsors, Reps. Mike Rogers of Michigan and Dutch Ruppersberger of Maryland, removed that phrase last week. CISPA’s focus is privacy rights: the legislation is intended to protect websites and the government from hackers by giving internet companies the authority to reveal confidential records and other communications. The government and private companies would be able to share information about possible security threats, such as malware attacks.
But as Lee points out,
Network administrators and security researchers at private firms have shared threat information with one another for decades. And the law also allows information sharing between private firms and the government in many circumstances. For example, a private company is already free to notify the FBI if it detects an attempt to hack into its network.
Laws such as the 1986 Electronic Communications Privacy Act do regulate how and when network providers can reveal the contents of users’ electronic communications; other laws protect the privacy of health care records, financial information, educational records, video rentals and more. Lee argues that CISPA remains too broad and not sufficiently precise about what would be regulated as a potential cybersecurity threat. In its current incarnation, CISPA also does not provide for any judicial oversight to ensure that any definition of cybersecurity is followed.
Oremus lists some additional ways in which CISPA is just unclear about what kinds of materials it could authorize the government and companies to collect if they were judged threats to cybersecurity:
The bill’s current language authorizes the sharing of “information pertaining directly to a vulnerability of, or threat to, a system or network of a government or private entity.” Could that information include users’ names, addresses, and credit card numbers? Records of other sites they’ve visited? The bill doesn’t say. How does a company decide whether there’s enough reasonable suspicion to justify sharing a given user’s data? It doesn’t explain that either.
Who Supports CISPA: Some Companies You May Know
Supporters of CISPA include over two dozen trade associations that have lauded the “greater sharing of information” CISPA would provide in a letter to Congress (PDF). Cordell Carter, VP of the Business Roundtable, claims that CISPA enables a “sharing of cybersecurity information between the government and the private sector in a manner that is effective but not overly intrusive” (suggesting that this “sharing” is still somewhat intrusive). While the tech community made a concerted effort to defeat SOPA, the House Intelligence Committee has letters of support from the likes of Facebook, Microsoft, Oracle, Symantec, Verizon, AT&T and Intel.