What is CISPA?

What is CISPA

[UPDATE: CISPA has passed in the House 288-127]

CISPA is an internet security and intelligence bill. Today, personal privacy and cyber security are often at odds. Companies are stuck between compromising the confidentiality of their customers’ information, and in turn their trust, or potentially violating the law.

As a consequence, it is difficult for both companies and the government to find hackers and protect power grids and online infrastructure against assault. What CISPA does, is provide an exemption against civil and criminal penalties for gathering and sharing information between companies and the government about cyber threats.

Michigan Republican Mike Rogers is the sponsor of the bill, and has taken heat most recently for calling CISPA’s opponents, “14 year old basement dwellers.” Yet, opposition to the bill can be found on many fronts outside the threads on Reddit or libertarian forums. Opponents of CISPA include over 34 civil liberties organizations, an increasing pool of security specialists, academics and even the White House.

Proponents of CISPA argue that most of the opposition to the bill manifests from a conspiratorial fear that everyone in the government from the local police to the NSA will have easy access to our most confidential information. To dispel these concerns, the Intelligence Committee has issued a five page report called, “Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA).” Here are a few highlights:

  1. The legislation actually prohibits the expansion of any agency or current security authority and requires the government to “eliminate any personal information it happens to receive that is not necessary to understand the cyber threat.”
  2. They claim that CISPA has nothing to do with government surveillance. Rather, “it simply provides narrow authority to share anonymous cyber threat information between the government and the private sector.”
  3. Addressing concerns about the potential misuse of private information, the supporters state that there is a very narrow allowable use for the information going so far as to limit “the government’s permissible uses for cyber threat information by eliminating the national security use exception.”
  4. Regarding concerns over the government storing large amounts of personal information, “the bill prohibits the federal government from retaining or using information other than for the cyber threat purposes specified in the legislation.”
  5. Finally, the supporters are quick to point out that CISPA is not at all comparable to SOPA or PIPA. SOPA/PIPA concerned copyright infringement, whereas CISPA is about security.

Opponents of CISPA , who more skeptical of the government’s ability to always act with altruism, call the bill a “dangerously broad cyber security bill.” Among the concerns:

  1. CISPA is overly broad, “giving legal immunity to companies who share users’ private information, including the content of communications, with the government.”
  2. The bill authorizes companies to give information directly to the NSA, “a military agency that operates secretly and without public accountability.”
  3. Broad definitions that allow user information to be used for a range of purposes, for “national security” purposes, not just network security. They state that the “drafters of this legislation leave it unclear whether the term ‘cyber security system’ is trying to refer to a computer, a network of computers, security software, or something else entirely.”

If there is one positive aspect of the bill, it may be that the bill cuts past the usual partisanship that clutters a substantive debate. The two sponsors are Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD). Opponents include everyone from the far-left leaning Daily Kos to the Republican Tea Party supporting FreedomWorks.

After several rounds of revisions and amendments, the bill will be put up to vote later today. [UPDATE: CISPA has passed in the House 288-127] The bill can be read in its entirety here: H.R. 624.