CISPA Isn't the Evil, Privacy-Infringing Legislation You Think it is
The Cyber Intelligence Sharing and Protection Act has controls and limitations that make it less scary than it is portrayed by opponents.
Fri, March 15, 2013
PC World —
CISPA, or the Cyber Intelligence Sharing and Protection Act, was introduced last year by the ranking members of the House Permanent Select Committee on Intelligence--Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD). The legislation's goal is to establish a framework for government and private companies to share sensitive information in the effort to identify and block cyber attacks more effectively.
CISPA initially made it through the Senate, buoyed by support from a large number of high-tech companies like AT&T, Comcast, Oracle, Symantec and Microsoft. It laterA died on the vine, however, over concerns of Big Brother spying on American citizens. But now it's back again: Last month, its congressionalA sponsorsA resurrected the bill in response toA high-profile attacks against American targets during the last year.
The CISPA backlash
Yes, the bill is back, but CISPA hasn't gotten any more popular since last year. The EFF (Electronic Frontier Foundation), ACLU (American Civil Liberties Union), and other privacy advocacy groups are aligning to oppose the legislation once again. What's more, Facebook, an original supporter of theA legislation, just rescinded its support this week.
The ACLU shared with me a letter that was sent to congressmen Rogers and Ruppersberger on behalf of a coalition of concerned organizations. The letter expressed serious reservations with CISPA, calling out failure to establish civilian control over the information-sharing program; failure to require private organizations to strip personally identifiable information from data shared with the government; and failure to ensure iron-clad protection for the information that is shared.
Kurt Opsahl, senior staff attorney with EFF, explained to me, "The Mandiant report shows how much useful information could be shared without a new bill... The problems [with this bill] are fundamental, and probably too deep to fix with a compromise."
But, is the backlash warranted?
On April 16 of 2012, an amendment to the billA was aimed at tackling privacy concerns. There were questions over terminology, so the amendment clarifies what is meant by "cyber threat information" to ensure a narrower interpretation that does not include "intellectual property."
Some expressed concerns that the bill would authorize ISPs or service providers to block accounts or remove content. In response, the amendment specifies that the legislation is limited to identifying, obtaining, and sharing cyber threat information, and expressly states that the bill does not provide any authority to block accounts or delete information.