The Cyber Intelligence Sharing and Protection Act, better known as CISPA, is being debated on at the House this week. The House of Representatives is likely to vote on CISPA on Wednesday or Thursday. If the House passes the bill, the Senate would later have to approve the bill or merge it with another. In addition for the bill to fully pass, the President would have to approve and sign.
What is CISPA? CISPA, is a House cybersecurity bill introduced by Representative Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) in November, 2011. The bill is in reaction to cyber threats caused by hackers and criminals. CISPA seems to bring up some similar privacy issues in another blog post written in this class.
Philip Bump summarizes the implications of CISPA nicely in his article. ”The legislation creates a two-way street for information to be shared between the government and companies that do business on the Web: Internet service providers, social media companies, telecommunications firms. If enacted, CISPA would let the government, when necessary, provide otherwise restricted information about cyberthreats to private sector partners. The companies, meanwhile, would be free to share information about user behavior with federal authorities.” This in layman terms means that companies could potentially read personal emails, look at files downloaded and release other personal information to the government.
The bill currently has 112 co-sponsors in the House of Representatives. The White House recently has chimed in on CISPA. They wanted to caution Congress that they do not fully support CISPA unless certain protections are included. The White House expressed that any cybersecurity bill “must include robust safeguards to preserve the privacy and civil liberties of our citizens.” The technology industry has shown strong support for CISPA. Facebook, Intel, and Microsoft have all written letters in support of the legislation. These companies are among the many that have expressed support for CISPA. Recently, several companies have been reluctant to fully voice their opinions on CISPA.
Facebook has been asked several times by non-supporters of CISPA to denounce their support for CISPA. Joel Kaplan, Facebook’s Vice President-U.S. Public Policy has responded to this demands in a blog post. Facebook, has defended its support by stating the bill does not require companies to share its users data with the government or any other site under CISPA. In fact, Facebook says CISPA does not require Facebook to share more information than it already does which does not include user data. Facebook, mainly supports the legislation because it enables the government to quickly share vital information about cyber threats to companies which would help protect Facebook’s network and their users.
CISPA, like SOPA has received an abundance of backlash from privacy advocates and organizations. Last week, was declared a “week of action” by CISPA opponents. The CISPA opponents include groups like the Electronic Frontier Foundation, Center for Democracy and Technology, and the Americans Civil Liberties Union , The “week of action” proved to cause almost no reaction by supporters from the House of Representatives. In fact, the amount of co-sponsors for CISPA last week increased.
CISPA, is believed by opponents to be worded far too vague and causes several privacy implications. The legislation does a poor job of regulating the scope of information that may be provided to the government and in turn how that information is used by the government. Private information that has no relation to cyber security threats could be received by the National Security Agency and used in a non-cyber security purpose. The largest concern for CISPA is the fact that it “promises immunity from lawsuits for companies and agencies that share information “in good faith,” without telling users exactly what information of theirs is being shared, or when.” Agencies or companies merely have to state that they made a decision based on cyber threat information.
My View on CISPA
CISPA, seems to have too much momentum in Washington D.C. and support from large technology firms to fail. Also, the White House has not ruled out completely that they will not support the bill. I believe the core of CISPA is good intentioned and would help prevent many of the cyber security intrusions. The extent of the cyber security danger to companies and the government is illustrated almost daily. It seems almost every week there is a breach of a companies computer network that exposes users private financial information. This crime pales in comparison to other crimes ill intentioned hackers could cause. For example, hackers could potentially break into the network of a nuclear power plant or a large dam. The dangers from from cyber security threats are definitely not something to take lightly. However, these dangers need to be balanced with privacy rights because they too are very important. I think the Facebook representative made the mistake of omitting the fact that even though they are not required to provide information, they still have the power to provide information.
The most disturbing aspect of CISPA is the unaccountability of companies when they release information to the government. The exemption from the Freedom of Information Act is very disgruntling. This is one of the few ways to keep a check on agency action. Also, cyber security is a very vague term. This should not be the words that action can pivot on unless it is defined unambiguously in the bill.
I believe the cause of many concerns is because of the social media aspect of many internet-based companies. People almost treat some social media sites as personal diaries and post about their most personal moments. CISPA, needs to be amended so that this type of information is in no shape or form threatened to be collected. The writers of CISPA need to remember the core of the founding principles of the bill. The bill is meant to improve cyber security by increasing the flow of “relevant” information between the government and companies. Amending CISPA should narrow the scope of the bill to the point where it is doing its job and not being another “big brother.”