Last Thursday, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) with a resounding Republican majority vote of 248 to 168.
CISPA is primarily meant to protect the government and U.S. corporations from outside intelligence. According to the House press release, “economic cyber spies will have a harder time stealing American business plans and research and development as the House took the first step …by passing a cyber security bill that will help U.S. companies better protect themselves from dangerous economic predators.”
Ironically, CISPA prevents international corporations from acquiring and sharing information by having Internet companies acquire and share your private information with each other, and with the government [read the full bill here]. Despite its good intentions on a national scale, the bill has several flaws that make it a risk to everyday Internet users. Although I do not completely oppose the bill, the current version of CISPA has several shortcomings, and as such should not be supported. Here are a few facts about the bill to put things into better perspective:
Is CISPA the new SOPA? Absolutely not. I received an inaccurate email from a global civic organization a few weeks ago urging me to sign a petition against CISPA by linking it to the previous, less desirable bill. While SOPA was about “protecting intellectual property” by actively shutting down websites and browser companies, CISPA is concerned with cyber security and raises the issue of privacy.
Why are tech companies supporting it? To the surprise of many, companies such as Facebook have thrown their weight behind this bill. This just means that CISPA actually aids these companies by protecting them against attacks and lawsuits in exchange for your information. This is something they are happy to provide, as long as no one wants to shut them down.
Who is the bill primarily aimed at? Foreign governments and corporations that try to siphon American intelligence and hack into American websites. But, several privacy activists, including Anonymous, the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT), and U.S. Representative Ron Paul (R-TX) believe that it is an excuse to spy on individuals, and potentially misuse personal information.
Can information be misused? Currently, there are several clauses in the bill that may allow this. The bill is primarily drafted to allow the sharing of information "notwithstanding any other provision of law," which means anything is fair game. Any and all of your private messages, bank account or credit, browser history, etc. can be used and shared with the government without fear of any privacy laws. It is also wise to remember that it wouldn’t be the first time corporations have used information for their own gains.
How ambiguous is CISPA? Very. Although it has been narrowed down, there are certain terms in several sections that could be interpreted in several ways. For instance, what constitutes a “cyber security crime” is too broad and murky to stand as it is. Similarly, how one “degrades” or “disrupts” a network is unclear.
Does the problem of international hacking outweigh the sharing of private sector information? I think not. The overall concept of CISPA is actually great, but there are better ways to regulate government information. However, if corrections are made to several of the problems outlined above, there appears to be no harm in it.
Currently, CISPA’s future may not be all that good. Despite the fact that it passed the House, it will probably fail in the Senate. Barring that, the president may veto the bill – and rightly so. Unless the current version is amended yet again, CISPA should not be made to pass.