TechSpot means tech analysis and advice you can trust. Read our ethics statement.
It's back. The U.S. House Intelligence Committee has reintroduced its controversial "Cyber Intelligence Sharing and Protection Act" in a second attempt to pass the bill. Originally unleashed last year, CISPA slipped passed Congress but was aborted by the Senate following a White House guarantee that it would be emphatically vetoed into oblivion.
CISPA is a controversial bill which grants "certified entities" the ability to eavesdrop on electronic communications and freely access otherwise private information regarding individuals and organizations. Rather than granting new governmental powers which ignore privacy and civil liberties, the bill takes an inverted approach: it encourages private companies to share their users' data with security agencies and other certified entities.
Although companies are currently be prohibited from divulging user information due to privacy and contract laws, CISPA would grant participating enterprises broad legal immunities. The bill allows companies like Microsoft, Google or Facebook to give cybersecurity entities, like the NSA, any and all data about their users without fear of legal repercussions. All CISPA requires is that entities act in "good faith" and base their decisions on "cybersecurity threat information" – broad terms that don't necessarily guarantee accountability.
EXEMPTION FROM LIABILITY - No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith – (A) for using cybersecurity systems or sharing information in accordance with this section; or (B) for not acting on information obtained or shared in accordance with this section.
Source: CISPA bill (pdf)
Justifying its reintroduction, Senator Mike Rogers (R-Mich.) said, "American businesses are under siege". He added, "We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately."
CISPA also creates avenues to share information, potentially transforming the bill into a perpetual "back door" intelligence program with immunity from the Freedom of Information Act (FOIA). As a result, there is essentially no public transparency, either.
CISPA's return from the grave has brought with it no changes – the bill remains a pristine copy of the 2012 version which failed in the Senate. However, it's unclear if CISPA will fail a second time. Some believe CISPA has a better chance of surviving due to a recent cybersecurity order issued by the White House. However, the executive order both overlaps and conflicts with CISPA, demanding "unclassified" reports and the protection of privacy and civil liberties.