The true intent of CISPA
While the Cyber Intelligence Sharing and Protection Act’s (CISPA) intent is clearly aimed at greater private sector cooperation with federal cyber crime investigations, opponents adamantly maintain that if adopted in its current form, Internet users will lose all protection provided by existing laws to safeguard their privacy.
Debate
The debate over CISPA is between proponents who assert that it is essential to strengthen the federal government’s ability to fight cyber threats, and opponents who say the legislation fails to provide adequate privacy protection for U.S. citizens.
This bill, passed by the U.S. House of Representatives in April and which now moves to the U.S. Senate, would allow companies and Internet service providers (ISPs), including large providers such as Verizon and AT&T, to share customer information pertaining to cyber threats with government agencies, such as the National Security Agency (NSA) and the Department of Homeland Security (DHS). The companies would be free to turn over customer records to federal investigators at their discretion.
Sharing information
The legislation’s proponents argue that this level of information-sharing is essential to investigate the constant threat posed by cyber attacks against government agencies and commercial enterprises. These include cyber espionage, and congressional supporters cite, in particular, threats from nation states such as Russia and China.
Support from major companies
CISPA has the support of a number of large tech companies, including Microsoft,Facebook, Oracle, Symantec, Verizon, AT&T and IBM, and defense contractors, such as Boeing and Lockheed Martin. A number of industrial and business associations, including the U.S. Chamber of Commerce, the Business Software Alliance, the CTIA and the National Cable & Telecommunications Association also have advocated for the legislation.
Opposition
In addition to congressional opponents, a number of privacy advocacy and civil liberties groups, such as the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation, vigorously contest CISPA. At the crux of the opposition, they say, is potential carte blanche for companies to turn over customer information to government agencies without due process of law, including court orders typically required in criminal investigations.
What could this mean for the “average” Web user?
Although the intent of the law is focused clearly on sharing information about cyber threats, the average Internet user should question the possible indiscriminate sharing of private information, or, worst case, sharing of information for other purposes under the pretext of cyber crime investigation. Opponents have described the law as a sort of “virtual wiretapping” of people’s browsing activity without the legal controls exerted outside of the digital realm.
Opposition of prominent hacker groups
Anonymous, the ideologically motivated “hacktivist” group, had been actively engaged against CISPA before its House passage, claiming responsibility for a serious of Distributed Denial-of-Service (DDoS) attacks against Boeing and trade associations TechAmerica and USTelecom.
After the passage, however, Anonymous attempted to change tactics because, it said, DDoS attacks were losing their effectiveness in the face of stronger protection. They called, instead, for street protests against a wide range of companies it cited as CISPA supporters, including high-profile tech targets such as AT&T, Verizon, Microsoft, IBM and Intel, as well as companies such as Coca Cola, Pepsi, Target, Walmart and CVS. The protests, which they called for during May and June, have failed as yet to materialize. They also threatened unspecified action to be taken in late June to “send a strong, swift message” to MasterCard, Visa and American Express.
Anonymous had claimed responsibility for a number of DDoS attacks earlier this year as Congress took up the Stop Online Piracy Act (SOPA), which some mistakenly associate with CISPA. SOPA was aimed at cutting off access to the illegal sharing of copyrighted intellectual property, chiefly entertainment, like music and film. Opponents feared SOPA would restrict the free use of the Internet and stifle commercial development.
What happens now?
The question now is what happens when the U.S. Senate takes up the bill. Congress has been trying for years to pass cyber security legislation without success. Legislators have been unable to pass a federal data breach disclosure law to standardize requirements now divided among 40-plus state laws.
The CISPA vote broke along largely partisan lines in the Republican-controlled House. President Obama had previously threatened to veto CISPA in its present form, saying that it failed to adequately protect Internet user confidentiality and civil liberties. In that context, CISPA might very well undergo significant change in the Senate if it is to have a chance to allay opponents’ concerns and remove the threat of presidential veto.