The emergence of the Cyber Intelligence Sharing and Protection Act (CISPA) has been an ongoing saga about how the American government handles issues surrounding personal privacy and security on the Internet. After passing the House last year, CISPA stalled in the Senate this April. Even so, many critics say it still isn’t dead, and that at the very least, the government will be trying something similar in the near future.
There’s been a lot of buzz about CISPA, but its effects aren’t entirely clear. So how would CISPA (or similar legislation based on it) affect everyday Internet users? Here’s a look at what CISPA attempted to do – and what to look for in its replacement. (For some background on the bill, read Tech In the House: CISPA Faces Congress.)
Existing Online Surveillance Could Get a Whole Lot Easier
Groups like the American Civil Liberties Union (ACLU) are warning that under CISPA, much of the online information gathering that traditionally requires a legal process could become practically "automatic" and that the bill’s vagueness would allow for much broader collection of information from a wide variety of websites. This is worrying many citizen advocates who think that current rules that protect personal information are already too tepid, especially in a world where we can’t expect even a semblance of privacy as it is. (To learn more, read Don’t Look Now: Online Privacy May Be Gone for Good.)
Big Companies Could Go Along for the Ride
Some of those keeping an eye on CISPA are looking back to a prior set of laws that were stalled by prominent criticism from giant tech firms, like Facebook and Google. The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), were aimed at shutting down individual websites, which is why a number of large companies opposed these changes. By contrast, CISPA only seemed to affect individual users, which may explain why corporate backlash was much more limited. (To learn more, check out SOPA and the Internet: Copyright Freedom or Uncivil War?)
Citizen’s Groups Could Ratchet Up Online Advocacy
Some of the big news around CISPA involves groups like Anonymous, a broad-based user collective that has targeted the laws in recent protest events. In April, the group announced an "Internet Blackout Day" late in the month as a show of support for blocking CISPA and keeping more stringent protections of an individual’s online privacy. (Unfortunately, the blackout didn’t go as planned.)
Personal Online Data Could Get "Leaked"
One of the biggest concerns about CISPA is that it would weaken a lot of the power of legal and contractual privacy agreements, because it would make it harder to sue a company for divulging personal information about a user.
Proponents of the bill argue that the kinds of government surveillance that it requires don’t usually look for personal data. Even so, personally identifiable information could get into the wrong hands in many ways. Critics argue that with CISPA in place, companies would have less incentive to toe the line on strict privacy regulations. Practically speaking, CISPA would make those neat little privacy protection statements on websites substantially less bulletproof.
In looking at how certain kinds of private data could get leaked, it can be helpful to consider some of the details that the legislature looked at around the passage of CISPA. For example, Washington Technology coverage from April 22 shows how protections for an employee’s social media accounts have been gutted in the House, implying CISPA would allow employers to gain access to an individual staffer’s accounts. That’s just one of the kinds of privacy violations that made CISPA so controversial.
Tech Experts and Others Could Look For "Fixes"
While CISPA backers are howling about national security and plenty of others are making noise about privacy, some still think that it’s possible to make CISPA do what it is supposed to do: Defend American infrastructure without digging into people’s personal data. Take this opinion piece from Wired, where writer Chris Finan addresses the possibility that CISPA could be fixed, rather than scrapped.
"I say we can have both security and privacy," writes Finan, proposing rules on stripping personal data from the kinds of acquisitions greenlighted by the bill. This kind of effective middle ground may be a way to make a scary bill more palatable if some version ever makes its way to the president’s desk.
CISPA is the government’s latest attempt to address cybercrime in an increasingly interconnected and digital world. Most say it has died in the Senate, but few believe it’s gone for good.