The Cyber Intelligence Sharing and Protection Act (CISPA) is a federal bill that isn’t very intelligent and protects very little. Like so many other calamitous pieces of legislation before it, the name chosen often tells you exactly what it is not. The House of Representatives approved CISPA last week, and it is currently being considered in the Senate despite controversial provisions which could affect online privacy for every internet user.
CISPA’s supporters contend that it’s a necessary legal cover that would allow greater collaboration and info sharing between private and state entities in the case of a foreign cyber attack. Those in opposition see it as a risky proposition that would increase the likelihood of private user information, from your Facebook, Twitter and other profiles, being handed over to government. The web hacktivist collective known as Anonymous called for an “Internet Blackout Day” in protest. The Electronic Frontier Foundation (EFF) has called it a “poorly drafted bill that would provide a gaping exception to bedrock privacy law.”
CISPA was previously attempted in April of 2012 but stalled in the Senate and was under threat of veto by the president due to concerns about privacy and the desire to retain the “internet and cyberspace as civilian spheres.” According to the Electronic Frontier Foundation the bill “is written broadly enough to permit your communications service providers to share your emails and text messages … or your cloud storage company could share your stored files.”
Consumer and digital privacy groups like EFF are mostly intent on ensuring that the bill doesn’t pass in any form. However, there have been several proposed amendments in Congress with intent on refining the bill's language in ways that could explicitly limit the possibility of certain misuse and harmful interpretations if it becomes law.
One notable amendment intends to prevent employees from having to submit social network passwords to potential employers. Proposed by Rep. Ed Perlmutter (D-Colo.), the bill seeks to ensure that “No American should have to provide their confidential personal passwords as a condition of employment … Employers essentially can act as imposters and assume the identity of an employee.” Part of what makes this amendment interesting is that Perlmutter’s reasoning isn’t necessarily related to provisions in CISPA itself, but rather as a response to the growing employment trend.
The Republican majority were unified in voting down the Perlmutter amendment, excluding it from the House’s CISPA version. Thankfully, the practice of employer (and school) privacy encroachment through requiring employee/student passwords is still being addressed through a growing patchwork of state level legislation. On the federal level, the Social Networking Online Protection Act (SNOPA) is making its way through Congress and could criminalize the practice nationwide.