Having safely defeated SOPA and PIPA, and fatally wounded ACTA, along comes CISPA.
The Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), also known as H.R. 3523, is a cybersecurity bill in the House of Representatives. CISPA has been dubbed “the new SOPA,” the infamous anti-piracy bill called the Stop Online Piracy Act that was forced to retreat after hundreds of websites, including Blippitt, protested via mass blackouts.
While CISPA does not focus primarily on intellectual property, although that provision is in there, critics say the problems with the bill are just as serious.
Proposed to the House by Rep. Mike Rogers (R-MI) and Rep. C.A. “Dutch” Ruppersberger (D-MD) late last year, CISPA proposes to amend the National Security Act of 1947 to allow for increased sharing of “cyber threat intelligence” between the U.S. government and the private sector, or between private companies. The bill defines “cyber threat intelligence” as any information pertaining to vulnerabilities of, or threats to, networks or systems owned and operated by the U.S. government or U.S. companies, or efforts to “degrade, disrupt, or destroy” such systems or networks, or the theft or “misappropriation” of any private or government information, including intellectual property.
CISPA also removes any liability from private companies who collect and share qualified information with the federal government, or with each other. Lastly, it directs the Privacy and Civil Liberties Oversight Board to conduct annual reviews of the sharing and use of the collected information by the U.S. government.
You can read the full text of CISPA here.
Alarmingly, the bill now has 106 co-sponsors in the House, more than double the number SOPA ever had. Unlike SOPA, CISPA has support from some big tech players like AT&T, Verizon, Facebook, IBM, and Intel.
See a complete list of companies that support CISPA here.
According to Rep. Rogers, CISPA will help U.S. companies defend themselves “from advanced cyber threats, without imposing any new federal regulations or unfunded private sector mandate.” It will also create “new private sector jobs for cybersecurity professionals,” and protect “the thousands of jobs created by the American intellectual property that Chinese hackers are trying to steal every day.”
Rep. Ruppersberger had this to say about the legislation:
Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks — networks that power our homes, provide our clean water or maintain the other critical services we use every day. This small but important piece of legislation is a decisive first step to tackle the cyber threats we face.
So what’s everyone so worked up about?
The first main concern about CISPA is its “broad language,” which critics argue allows the legislation to be interpreted in ways that could infringe on our civil liberties. The Center for Democracy and Technology sums up the problems with CISPA this way, according to Digital Trends:
- The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;
- The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;
- It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;
- Once the information is shared with the government, it wouldn’t have to be used for cybesecurity, but could instead be used for any purpose that is not specifically prohibited.
The Electronic Frontier Foundation (EFF) says that CISPA’s definition of “cybersecurity” is so broad that “it leaves the door open to censor any speech that a company believes would ‘degrade the network.’” Moreover, the inclusion of “intellectual property” means that companies and the government would have “new powers to monitor and censor communications for copyright infringement.”
In addition, critics caution that CISPA gives private companies the ability to gather and share data about their customers or users with immunity, meaning you can’t sue them for doing so, and they can’t be charged with any crimes.
According to the EFF, CISPA “effectively creates a ‘cybersecurity’ exemption to all existing laws.”
“There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by ‘cybersecurity purposes,’” the EFF continues. “That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats.”
In summary, there’s no doubt that cyber-attacks represent a real threat to this country and its technological infrastructure, but we must be wary of any bill that threatens our privacy and/or puts at the mercy of large corporations who cannot be held accountable for their actions.
Learn more about CISPA in the video below.
- SOPA Changes Name to CISPA (milkandcookies.com)
- Now CISPA? (urbanintell.com)
- Cispa (dvorak.org)
- CISPA: The New Internet Censorship Bill (zazenlife.com)