CISPA is an amendment to the National Security Act of 1947 that would allow the U.S. government and businesses to more easily share information about cyberattacks. The government would be able to share what it knows about security threats with businesses, including Web services such as Facebook. Those businesses would be able to share their own information with the government, though doing so would not be mandatory.
(RELATED: Just the Facts on CISPA)
Critics, such as the Electronic Frontier Foundation and American Civil Liberties Union, have argued that the bill’s broad language opens the door for censorship — for instance, by defining intellectual property theft as a type of cyberattack — and doesn’t put any limits on the sharing of personal data. Also, the bill supersedes any other privacy laws, and information sharing would be exempt from the Freedom of Information Act.
Proposed changes would, however, add more liability for the government and restrictions for businesses. In one proposed amendment, the government would be liable for monetary damages if it willfully misuses shared information. In another, businesses would be prohibited from sharing cyber threat information with outside entities besides other approved businesses and government agencies.
In addition, a pair of amendments approved last week call for an annual review — but still no Freedom of Information Act disclosure — of information sharing, and spell out that companies can’t make quid-pro-quo deals with the government, where they only get information if they share back.
Follow Jared on Twitter, Facebook or Google+ for even more tech news and commentary.