4 Things to Know About CISPA
On Thursday, the House passed the Cyber Intelligence Sharing and Protection Act (HR 3523) by a 248-168 vote. The bill, commonly known by its acronym, CISPA, aims to make it easier for government agencies and private industry to share information about cyber threats. But all that information-sharing worries privacy advocates and civil libertarians, who say the bill lacks safeguards against abuse. Supporters like Rep. Mike Rogers (R-Mich.), who introduced the bill last November, insist that it is a necessary step in cracking down on illegal hacking and foreign spying, and would not be used to target things like file-sharing sites and free speech on the internet.
Now that the bill has passed the House, the focus shifts to the Senate, which is crafting an alternate version of the bill that could be voted on as early as May. Here are four things to know about CISPA.
1. Those for, those against. The usual suspects on both sides—rights organizations, consumer groups, big business, telecommunications—came out to endorse or condemn the bill. Here are some big names that have issued ringing endorsements of CISPA:
- Time Warner Cable
- US Chamber of Commerce
- Lockheed Martin
- Cyber, Space & Intelligence Association
- National Defense Industrial Association
- The Heritage Foundation
…and some key players that have denounced the bill:
- Fight for the Future
- Sunlight Foundation
- Reporters Without Borders
- American Library Association
- Free Press
- Electronic Frontier Foundation
- American Civil Liberties Union
- Demand Progress
2. The vague language. As with charges leveled at other recent controversial pieces of legislation, much of the debate over CISPA is about what the language in the bill actually means. CISPA would allow and encourage companies and government agencies to share internet users' information with each other without court orders or subpoenas so long as the company or agency can cite a "cybersecurity purpose." Proponents say that this will allow companies facing online attacks to report intrusions to the government and get help promptly without having to worry about unnecessary red tape. Critics, however, say there is a substantial potential for abuse in the vagueness of the phrase "cybersecurity purpose." "Right now, companies can only look at your communications in very specific, very narrow situations," Trevor Timm, a blogger and activist at the Electronic Frontier Foundation, told the Daily Beast on Monday. "The government, if they want to read them, needs some sort of warrant and probable cause. This allows companies to read your communication as long as they can claim a cybersecurity purpose."
It's widely known that many major companies—including Facebook and Time Warner, for instance—already share plenty of user information with federal authorities in the interest of monitoring for national security threats or cyber crime. The concern here is that the bill would allow authorities to disregard the standard practice of subpoenas and court orders in such scenarios. "Essentially, this bill would preempt…other laws related to privacy," Greg Nojeim, a senior counsel at the Center for Democracy and Technology, told Mother Jones.