Category Archives: CISPA
The Cyber Intelligence Sharing and Protection Act (CISPA) has been a dominating news topic in the world of internet law since the House of Representatives passed their version last week. Most of the coverage has been dominated by rhetoric of one sort or another by differing sides of the debate. Most of the argument has concerned overarching principals, but very little of it has discussed how it affects individuals. Is it the 300lb gorilla that would reduce individual liberty to a mere shaddow of an ideal? Does it affect the type of cyber security necessary to protect our national security as a whole?
What does CISPA require you to do?
In the most simplest terms, absolutely nothing. CISPA creates no obligation whatsoever for anyone using the internet for personal or business purposes. It does not even require corporations to report potentially threatening internet activity. Internet service providers are not required to limit bandwidth of possible copyright offenders. Google is not required to keep internet search records (yeah they do anyways). No one is required to do anything at all?
Wait, how then does CISPA affect me?
While CISPA does not require anyone to do anything, it allows corporations to gather information on users, analyze them (yes they often do this for commercial purposes anyways), and share any of this information, including intellectual property information, for building of internet infrastructure. Any information that that pertains to protecting their network may also be shared with the National Security Agency. On top of that, the bill affords protection against privacy lawsuits for companies who engage in this activity. Say, for example, you sign up to use a social networking product, and the licensing agreement states that the social network site will not use your information for their benefit (no social network company would do this in their right mind, but lets just say this for hypothetical purposes). If the company sells your information for the purpose of “affording protection of their network”, or decides to leak a picture to the government of you downing a fifth of Jack Daniels at a Las Vegas beach party for “security reasons”, you would probably lose a lawsuit against them for invasion of privacy and breach of contract, even though it goes against the specific terms of the licensing agreement.
How come, if the purpose of the bill is for enforcement of cyber security, is this a possible affect?
The Bill is worded fairly vaguely to where the cyber security purpose of the bill is overshadowed by the privacy implications of the bill.
President Obama has threatened to veto the bill. A White House press release states:
H.R. 3523 fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.
First there was the cumbersome named and even more cumbersome acronym, Combating Online Infringement and Counterfeits Act (COICA). This bill died in committee. Then there was the more simply named and Stop Online Piracy Act (SOPA) and its brother in the Senate, Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA- originally PROTECT IP). SOPA was referred to committee on the House floor, PIPA was placed into permanent suspended animation in the Senate.
Now comes the Cyber Intelligence Sharing and Protection Act (CISPA). It doesn’t have the teeth of COICA, nor the cool acronym of SOPA and PIPA, but could it pass? It seems that every new version of this bill erodes the power and control of the federal government in exchange for either greater support or less opposition by corporate interests and digital rights advocates.
There are differences between SOPA and CISPA. First, CISPA does not put onus of enforcement on internet service providers. Under SOPA, ISP’s were required to strangle bandwidth from sites suspected of violating copyright. Instead the responsibility for protecting copyright is on the copyright holders themselves. CISPA also does not create a necessarily antagonistic relationship between internet companies and the government. Instead it encourages information sharing for the sake of increased cyber security. While shifting balance between privacy and cyber security will always be controversial, it may be necessary given the increase in cyber attacks over the past five years.
It maintains to be seen whether or not this bill can attain what SOPA and COICA couldn’t, enough bi-partisan support to pass and amend the national security act.