What Is CISPA? Is the Latest Version Any Different?
What is CISPA, and how is the current version of the bill different than in years past?
In President Obama's 2015 State of the Union address, he urged Congress to "finally pass the legislation we need to better meet the evolving threat of cyberattacks." One bill that's been introduced is the Cyber Intelligence Sharing and Protection Act (CISPA), which would allow technology companies to voluntarily share private subscriber information with law enforcement regarding potential threats to computer networks.
This is actually CISPA's third time being proposed by Congress. The proposed Act dates back to 2011, when it was introduced; the bill passed the House of Representatives in 2012 but not the Senate. CISPA was proposed again in 2013; it again passed the House but then died before it could be voted on in the Senate.
3rd Time: More of the Same
So how is the latest version of CISPA different from the old ones? You know, the one that President Obama expressed concern about back in 2012 because of its privacy concerns? We'll let this Gizmodo headline tell you: "The New CISPA Bill Is Literally Exactly the Same as the Last One."
Here's what the Act would do: It would allow a "cybersecurity provider," with the consent of a "protected entity" for which it provides cybersecurity, to share information relating to "cyber threat information" to the Department of Homeland Security.
Huh? This sounds like a terrible cyberpunk movie, possibly starting Angelina Jolie and Matthew Lillard (and Penn Jilette, for some reason).
In addition to coming straight out of the 1980s, all of these terms are fairly nebulously defined, meaning any company that monitors its networks (which is to say, all of them) can hand over private information (such as email message content) to the federal government relating to attempts to obtain unauthorized access to a network, degrade a network, or get information out of a network.
If You Give a Special Agent a Cookie...
Obama's support of CISPA in the State of the Union follows the unveiling of a new White House initiative to protect America's networks. The initiative is undoubtedly motivated by the recent hacks into Sony's internal network, which the FBI insists North Korea is responsible for. Even so, no one has made the claim that allowing law enforcement more access to private content would have stopped the hack.
Gizmodo does charitably observe that the bill is not inherently anti-privacy, but experience teaches us that once the government is given a new weapon, it wields it enthusiastically. Remember the USA PATRIOT Act, which promised that we'd be able to catch terrorists with less-than-probable-cause "national security letters"? Almost 15 years later, what are we using them for? Regular old drug offenses. Giving the government access to private user information for no other reason than an online provider has a suspicion about something seems like it could be ripe for abuse.
Editor's Note, January 20, 2015: This post has been updated with a quote from President Obama's State of the Union address.
Related Resources:
- Forget SOPA, You Should Be Worried About This Cybersecurity Bill (TechDirt)
- CISPA is Back: FAQ on What it is and Why it's Still Dangerous (Electronic Frontier Foundation)
- What Does CISPA Mean for Defense Attorneys? (FindLaw's Technologist)
- Cybersecurity Bill Passes the House, But What's Next? (FindLaw's Technologist)
Was this helpful?