Privacy advocates fear sharing confidential information will lead to abuse.
Amid concerns about threats to individual privacy, CISPA, the Cyber Intelligence Sharing and Protection Act, passed the House of Representatives late last month. The bill aims to enable information sharing between the federal government and the private sector to help stem the rising tide of cybersecurity threats.
Proponents of the legislation — introduced by Reps. Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md. — argue that sharing intelligence about hacking attempts and other impending threats to Internet security between the public and private sectors would help diffuse potential threats more quickly, and therefore, more effectively secure networks from attacks.
Some have likened CISPA to the ill-fated anti-piracy legislation called SOPA, which was backed by many big entertainment conglomerates but opposed by Facebook and other large Internet companies. Unlike SOPA — the Stop Online Piracy Act — which died in Congress earlier this year, CISPA does have the backing of many prominent business and trade organizations, like the United States Chamber of Commerce, the National Cable & Telecommunications Association and the Internet Security Alliance. A long list of private-sector companies including Facebook, IBM, Symantec and AT&T are also on board.
In a letter sent to Rogers and Ruppersberger, Joel Kaplan, Facebook’s vice president of U.S. public policy, expressed the company’s support for CISPA: “Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users. Through timely sharing of threat information, both public and private entities will be able to more effectively combat malicious activity in cyberspace and protect consumers.”
Critics of CISPA include privacy and transparency advocates like the American Civil Liberties Union and the Sunlight Foundation, which argue that the potential for abuse is much too great. In a recent blog post, Sunlight Foundation Policy Director John Wonderlich said, “The bill proposes broad new information collection and sharing powers. ... Even as the bill proposes those powers, it proposes to limit public oversight of this work.”
It has been widely reported that President Barack Obama has similar concerns about the bill’s insufficient privacy protection, and will veto the bill. CISPA has vocal critics in Congress as well. Rep. Jared Polis (D-Colo.) stated during the House deliberations that the law would "waive every single privacy law ever enacted in the name of cybersecurity. Allowing the military and NSA [National Security Agency] to spy on Americans on American soil goes against every principle this country was founded on."
Enhanced privacy protections and more explicit limits on how data is used are being proposed in an attempt to garner the necessary support for passage of CISPA.
According to The Washington Post, Senate leaders prefer a competing piece of legislation that would require electricity companies and other providers of critical services to develop their own standards for cybersecurity, subject to the approval of the U.S. Department of Homeland Security. The proposed Senate bill also includes language on information sharing. Senate leaders hope the legislation will be considered this month.