Although the demise of SOPA is behind us, citizens of the Internet may have new cause for concern. The Cyber Intelligence Sharing and Protection Act (CISPA) has been gaining momentum and while it is distinctly different than SOPA, some argue it may even be worse than the aborted bill. Even if it isn't, at the very least, it does bring up the importance of security versus a right to privacy and what that means in today's digital world.
Unlike SOPA, which was an intellectual property-specific bill focused on seizing domain names and -- in some cases -- making private companies judge, jury and executioner, CISPA is more about national security and intelligence gathering.
In a nutshell, CISPA allows the government to request otherwise confidential information about individuals from private companies, like ISPs. That's nothing new, nor does it punish companies who don't comply with such requests. However, despite its seeming absence of teeth, it's true purpose is to grant federal criminal and civil protection to companies who do choose to cooperate. Under this bill, if federal authorities think you're up to no good, they can request your Facebook records, your ISPs logs and your Xbox Live history and essentially spy on you -- no warrant, probable cause or even a courtesy letter is required. Companies who do divulge whatever private information they have about you to the federal government can't be sued or prosecuted. This makes it much more likely that private actors will cooperate.
EXEMPTION FROM LIABILITY - No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith -- (A) for using cybersecurity systems or sharing information in accordance with this section; or (B) for not acting on information obtained or shared in accordance with this section.
Opponents of the bill, like the Electronic Frontier Foundation (EFF), say CISPA is a clear violation of Fourth Amendment rights and sharply criticize the broad language of the bill. Others say it isn't so bad. Even so, this anti-CISPA petition had racked up over 650,000 signers at the time of this writing.
Worst of all, the stated definition of "cybersecurity purpose" is so broad that it leaves the door open to censor any speech that a company believes would "degrade the network." Parts of the proposed legislation specifically state that cybersecurity purpose includes protecting against the "theft or misappropriation of private or government information" including "intellectual property." Such sweeping language would give companies and the government new powers to monitor and censor communications for copyright infringement. It could also be a powerful weapon to use against whistleblower websites like WikiLeaks.
Although there are many differences between CISPA and SOPA, proponents and opponents of each bill will likely find they overlap a great deal. It's worth noting that despite the differences, the reach of CISPA does specifically include intellectual property theft. Because of the broad language of the bill, it may inadvertently include many other aspects of our digital world as well.
Information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from efforts to degrade, disrupt, or destroy; or theft or misappropriation of private or government information, intellectual property or personally identifiable information.
Currently, the bill enjoys strong support on the house floor (about 100 members) and the support of at least 28 companies like Microsoft, Verizon, AT&T, Facebook (pdf) and Intel. Many of the same companies that currently support CISPA had denounced SOPA earlier this year. However, businesses may be discovering that CISPA aligns with their best interests as the legislation could effectively offload some aspects of user regulation to the federal government.