Connect to share and comment

The digital world, explained.

CISPA: What's so bad about it?

The battle lines have been drawn over new legislation regulating the internet. But few seem to understand what exactly CISPA might do.
Cispa sopa 04 16 2012Enlarge
A protester demonstrates against the proposed Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) outside the offices of U.S. Sen. Charles Schumer (D-NY) and U.S. Sen. Kirsten Gillibrand (D-NY) on January 18, 2012 in New York City. The controversial legislation is aimed at preventing piracy of media but those opposed believe it will support censorship. (Mario Tama/AFP/Getty Images)

Internet activists are again putting lawmakers on the defensive, this time for their support of CISPA, the Cyber Intelligence Sharing and Protection Act. After their success in stopping the Stop Online Privacy Act, or SOPA, earlier this year, the activists are confident.

But Rep. Mike Rogers, CISPA’s sponsor, denies that CISPA is simply a new SOPA and he has support from unlikely places. Rogers argues that the new legislation would protect American networks from cyber-attacks and not enforce copyright laws. 

“Everyday US businesses are targeted by nation-state actors like China for cyber exploitation and theft,” Rogers said in a statement last month. “The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks."

Indeed, CISPA does appear to have more support than SOPA, including from some major tech companies like Facebook and Microsoft, which both opposed SOPA.

While the internet sharpens its digital spears, it's hard to determine what exactly would happen if CISPA becomes law. 

CISPA deals mainly with information sharing between the federal government and the private sector. As most cyber threat intelligence is classified, the bill seeks to create circumstances in which the government and intelligence agencies can provide information to private companies that would otherwise be classified. 

The bill says that the Director of National Security “shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private sector entities and to encourage the sharing of such intelligence.”

It then goes on to set parameters under which classified intelligence may be shared. These include sharing information with security-cleared personnel in different intelligence agencies, in the interest of national security in general and to protect the information from further disclosure.

While this in itself doesn't seem so bad, the Electronic Frontiers Foundation argues that the vague language could be manipulated and used by the US government to crackdown on sites like Wikileaks in the name of national security.

The bill states that the “sharing and use of classified intelligence” may be exchanged among agencies and private companies if “the classified cyber threat intelligence may only be shared consistent with the need to protect the national security of the United States."

The bill then established criteria under which members of the private sector may be granted temporary security clearances in order to have access to cyber intelligence information pertinent to their business interests. The bill also states that private companies may not use such information to gain a competitive advantage over their competitors and, in the case of the federal government, “shall not be used for regulatory purposes."

In order to make CISPA’s procedures transparent, the bill goes on to mandate that an annual, unclassified report be submitted to Congress detailing the any and all information shared under CISPA and make recommendations for improvements to the law. 

Congress is now making amendments to the bill to clarify the vague language.

Such amendments, however, have done little to quiet the opposition. Raising the eyebrows of some internet activists, one proposed amendment would include in the definition of "cyber intelligence" the “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Web activists say this definition is proof that CISPA is, indeed, a new SOPA and would be used to enforce copyright law.

http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/cispa-bad-or-good