The U.S. House of Representatives passed the Cyber Information and Security Protection Act late Thursday despite concerns over user privacy, the specter of SOPA/PIPA, and a veto threat from the Obama administration. The idea behind CISPA is to empower the government and corporations to work together to better protect American infrastructure from foreign attacks. But many civil liberties groups say the bill is too broad and threatens user privacy.
The Center for Democracy and Technology said it is “disappointed that CISPA passed the House in such flawed form.” And the Electronic Frontier Foundation condemned the vote, saying it “would allow companies to bypass all existing privacy law to spy on communications and pass sensitive user data to the government.”
There’s little doubt that online security is a serious issue for large corporations. Recent reports of online security breaches have involved such high-profile targets as Google, security firm RSA, Verisign, and credit card processing company Global Payments. But whether CISPA is the right legislation to tackle those concerns is hotly debated.
So what is CISPA? Should you be concerned about this legislation? Here’s what you need to know.
What Does CISPA Do?
CISPA allows the government to share classified information about security threats with select American companies. These corporations can then use that information to better protect their infrastructure such as computer networks containing intellectual property and trade secrets. The bill also allows corporations to share information relating to cyber security with the authorities and protects those companies against privacy lawsuits. Critics say an Internet Service Provider would be free to share a customer’s private communications such as e-mail and instant messages without a court order if the information related to a cyber security concern.
CISPA allows this information to be used not only to protect against cyber attacks, but also to protect individuals from bodily harm, protect children from sexual exploitation, and for general American national security.
CISPA would shield companies from privacy-related lawsuits brought by customers. And corporations could share information relating to cyber security with each other without fear of the government bringing an antitrust suit against them.
Who Supports the Bill?
CISPA has broad support in the House of Representatives (you can find the CISPA vote count here), and many well-known tech companies and trade associations also support the bill including AT&T, CTIA, Facebook, IBM, Intel, Microsoft, Oracle, Symantec, and Verizon. You can find a list of CISPA supporters here.
What are the Critics Saying?
Most critics are concerned that CISPA, if it became law, would allow for widespread surveillance of online personal communications. The American Civil Liberties Union says “CISPA gives companies the authority to share [private and sensitive] information with the National Security Agency or other elements of the Department of Defense, who could keep it forever.”
The Center for Democracy and Technology raised concerns over two core issues in CISPA: “the flow of information from the private sector directly to NSA and the use of that information for national security purposes unrelated to cyber security.”
“We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia,” Committee Chairman Rep. Mike Rogers (R-Michigan) says. “America will be a little safer and our economy better protected from foreign cyber predators with this legislation.”
Now that CISPA has passed the House it moves on to review in the Senate, which is also considering its own legislation on cyber security. It’s not clear what kind of reception CISPA will receive there. Attempts by PCWorld to reach several senators for comment were unsuccessful. However, one congressional staff member, who declined to be identified discussing CISPA before it reaches the Senate floor, says lawmakers were caught off guard by the outcry over the SOPA/PIPA online antipiracy legislation earlier this year. Public reaction to CISPA could have a big impact on the Senate vote, the source said.
If CISPA were to pass the Senate it could also be stopped by President Obama. On Wednesday, the Obama Administration issued a statement [PDF] saying that the president’s advisers have recommended that he veto the bill. “Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens,” the statement says.