A controversial cyber-security bill known as CISPA is once again in the news. The House approved the bill last week, and it now moves to the Senate, but opponents of the measure are not going down without a fight. Today, in fact, hacker collective Anonymous is calling on websites to go dark in protest of CISPA as they did last year against the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA).
But what is CISPA and why is it creating such a ruckus? Why is it being compared to SOPA and PIPA? Let’s break it down.
What is CISPA? CISPA stands for Cyber Intelligence Sharing and Protection Act (CISPA).
What does it do? CISPA would allow for voluntary information sharing between private companies and the government in the event of a cyber attack. If the government detects a cyber attack that might take down Facebook or Google, for example, they could notify those companies. At the same time, Facebook or Google could inform the feds if they notice unusual activity on their networks that might suggest a cyber attack.
Sounds OK. What’s the problem? Backers argue that CISPA is necessary to protect the U.S. against cyber attacks from countries like China and Iran. But opponents said that it would allow companies to easily hand over users’ private information to the government thanks to a liability clause. This, according to the Electronic Frontier Foundation, “essentially means CISPA would override the relevant provisions in all other laws—including privacy laws.”
Is that true? The bill’s sponsors, Reps. Mike Rogers and Dutch Ruppersberger, say no. But amidst backlash over the vague wording in the bill, the congressmen introduced an amendment that would require the government to anonymize any data it turns over to a private company.
Did that do the trick? Not exactly. The White House has threatened to veto CISPA, in part because it does not require private companies to do the same and anonymize the data they hand over to the government. That would impose an onerous burden on private companies and perhaps deter them from participating in this voluntary program, backers claim.
What type of personal information are we talking about? According to the EFF, “CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files.” Bill sponsors, however, argued that CISPA is needed to keep that data safe, pointing to foreign hackers who have hit U.S. companies in an effort to steal information. The ability to share data about incoming cyber attacks as quick as possible could thwart the improper use of that data, they said.
—
Click below for the full article.