Cyber Intelligence Sharing and Protection Act (CISPA) and You

The Cyber Intelligence Sharing and  Protection Act (CISPA) has been a dominating news topic in the world of internet law since the House of Representatives passed their version last week.  Most of the coverage has been dominated by rhetoric of one sort or another by differing sides of the debate.  Most of the argument has concerned overarching principals, but very little of it has discussed how it affects individuals.  Is it the 300lb gorilla that would reduce individual liberty to a mere shaddow of an ideal?  Does it affect the type of cyber security necessary to protect our national security as a whole?

What does CISPA require you to do?

In the most simplest terms, absolutely nothing.  CISPA creates no obligation whatsoever for anyone using the internet for personal or business purposes.  It does not even require corporations to report potentially threatening internet activity.  Internet service providers are not required to limit bandwidth of possible copyright offenders.  Google is not required to keep internet search records (yeah they do anyways).  No one is required to do anything at all?

Wait, how then does CISPA affect me?

While CISPA does not require anyone to do anything, it allows corporations to gather information on users, analyze them (yes they often do this for commercial purposes anyways), and share any of this information, including intellectual property information, for building of internet infrastructure.  Any information that that pertains to protecting their network may also be shared with the National Security Agency.  On top of that, the bill affords protection against privacy lawsuits for companies who engage in this activity.  Say, for example, you sign up to use a social networking product, and the licensing agreement states that the social network site will not use your information for their benefit (no social network company would do this in their right mind, but lets just say this for hypothetical purposes).  If the company sells your information  for the purpose of “affording protection of their network”, or decides to leak a picture to the government of you downing a fifth of Jack Daniels at a Las Vegas beach party for “security reasons”, you would probably lose a lawsuit against them for invasion of privacy and breach of contract, even though it goes against the specific terms of the licensing agreement.

How come, if the purpose of the bill is for enforcement of cyber security, is this a possible affect? 

The Bill is worded fairly vaguely to where the cyber security purpose of the bill is overshadowed by the privacy implications of the bill.

Probable Veto

President Obama has threatened to veto the bill.  A White House press release states:

H.R. 3523 fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.