Tech in the House: CISPA Faces Congress

Takeaway: The controversial and divisive CISPA, or Cybersecurity Bill, has privacy advocates and the tech lobby at war.

UPDATE (April 26, 2012): CISPA passes the House: 248 to 168
Politico reported that the House passed the Cyber Intelligence Sharing and Protection Act (CISPA) with a vote of 248 to 168. Despite the White House's threats to veto CISPA, 206 Republicans voted in favor of the bill, versus 140 Democrats. Stay tuned as this story develops.

CISPA is on the fast track.

This week, the Cyber Intelligence Sharing and Protection Act (CISPA), or H. R. 3523, is set for debate and a vote in the House of Representatives. Privacy advocates and the tech lobby are at war, while odds appear to be stacked in CISPA’s favor. So what's all the fuss about? Here's what you need to know. (For some background on piracy legislation, check out SOPA and the Internet: Copyright Freedom or Uncivil War?)

What is CISPA?

CISPA - also known as the Cybersecurity Bill or the Rogers-Ruppersberger Cybersecurity Bill - is a National Security Act of 1947 amendment with provisions for detecting and sharing information about cyber threats while facilitating communication between the government and private sector entities, including tech businesses. CISPA’s agenda is privacy, unlike the very divisive Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA), two anti-piracy bills tabled in January 2012.

Introduced November 30, 2011, by Representatives Dutch Ruppersberger and Mike Rogers, CISPA is backed by 112 co-sponsors. The bill was reported out of committee December 1st with a bipartisan 17-1 vote. You can read all about the bill, amendments and discussion drafts here, but whether you're familiar with its contents or not, you probably know CISPA is creating an uproar among privacy advocates.

CISPA: What the Critics Say

Civil liberties and privacy groups, like the Electronic Frontier Foundation (EFF), believe the the passage of CISPA will be the death knell for online privacy. That's because through the bill’s framework, any Internet user's personal data could be shared with the government.

More specifically, the bill claims that its intent is "to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cyber security entities, and for other purposes." That doesn't sound so bad, but critics assert that the bill's lack of detail presents a real threat to online privacy. (You can read the bill yourself here.) Some of the risks that concern critics include:

1. Government monitoring of private communications
   According to the EFF, CISPA authorizes the monitoring of private communications and is broad enough to potentially allow companies (think Internet or mobile providers) to hand over large amounts of personal information to the government - no questions asked.
   
2. No limits on type of collected information
   The EFF claims that the bill is too broad in that it does not specify what types of personal information can be collected or how it can be used.
   
3. All information collected is sent to the National Security Agency (NSA).
   CISPA's critics take issue with the fact that information goes to this arm of the U.S. Defense Department because in 2010, the NSA was found guilty of conducting illegal surveillance.
   
4. No limits on how personal information is used
   According to an article by Sharon Bradford Franklin, senior counsel at the Constitution Project, CISPA does not include limits on how personal information can be used by the federal government, which means it may not be limited to prosecuting cybercriminals targeted by the bill. Companies can hand information over to law enforcement without a warrant, which presents potential use for "other law enforcement purposes." There are also no limits on which government agencies can access information about Internet users, although Franklin says this should be limited to civilian agencies.
   

As a result of its broad language, CISPA has many opponents and critics, including Demand Progress, The Cato Institute, Avaaz.org and the U.S. Bill of Rights Foundation.

Who's in Favor of CISPA?

Of course, CISPA also has a strong base of supporters in the form of a broad coalition of Democrats and Republicans, as well as tech giants like Facebook, Google and the Internet Security Alliance (ISA). Other supporting CISPA organizations include IBM, Oracle, AT&T, the National Cable & Telecommunications Association and the Software and Information Industry Association (SIIA).

Where CISPA Stands

Changes are up for consideration as the bill moves to the House vote, and several amendments have passed since the bill’s November 2011 introduction. These include:

• CISPA's definition of intellectual property (IP) was narrowed and the bill's purpose was clarified as the prevention and defense against cyber hacking and threats from outside the U.S.
• As a milder alternative, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PRECISE Act), sponsored by Rep. Dan Lungren, was passed by the House Homeland Security Committee on April 18.
• The House Permanent Select Committee on Intelligence (HPSCI) filed an amendment to serve as base text for future CISPA amendments on April 19.

What You Can Do

Is CISPA an effective tool for fighting Internet crime, or is it the Orwellian monstrosity its critics make it out to be? Find out where you stand by doing some research:

• Read the bill.
• Visit SOPA Track, a tool that allows users to search for representatives and senators by state or street address and see where they stand on CISPA and other cybersecurity bills. SOPA Track provides details about special interest lobbying by pro- and anti-SOPA organizations.
• Call your elected officials.
• Spread the word by emailing friends and family. Express your view(s) by blogging and posting on sites like Facebook, Twitter, YouTube and LinkedIn.

CISPA's Future

Even if CISPA is pushed through the House following the April 23rd debate, the bill’s next stop is the Senate. If passed there, its final fate will be determined by the president. But recent history has proven that when the government attempts to mess with the Internet, users raise their voices and get involved. No matter where this bill lands, stay tuned for more debate.