by Chase Donnally, (Outgoing) Research Director
The Cyber Intelligence Sharing and Protection Act (CISPA) is another battle in the ongoing struggle between those who wish to keep the internet free, and those who would like to see it regulated. Reintroduced in February of 2013, it was passed by the House of Representatives on April 13th.
Many of its opponents have compared it to SOPA and PIPA, the anti-piracy bills that failed to make it through Congress last year. While it may be true that CISPA poses a threat to online privacy, and that the internet community is generally opposed to it, CISPA is quite different from the aforementioned bills.
SOPA and PIPA were primarily anti-piracy bills. The main idea behind SOPA was to allow copyright holders to file complaints against websites which they believed were using or distributing their intellectual property. The government, in turn, would take the offending websites down. The bill had heavy opposition from major websites like Google, Yahoo, and Wikipedia, who feared that the vague language in the bills would result in their sites being taken offline.
CISPA, on the other hand, is aimed at increasing cyber security by allowing for voluntary information sharing between private companies and the government. In the event of a “cyber attack,” companies and the government would be allowed to exchange any information they feel to be relevant to the attack. While this may sound somewhat innocuous, the broad language in the bill seems to allow for companies like Google or Facebook to violate their existing privacy policies and share the private information of their customers with the government. The Electronic Frontier Foundation warns that it may be written broadly enough to even allow communications service providers to share emails and text messages with the government, overriding already existing laws protecting privacy online.
So given the clear danger to online privacy that this bill presents, why didn’t we see the same massive opposition as we did with SOPA and PIPA? In January of 2012, many major sites, including Google, Wikipedia, and Reddit participated in a SOPA “blackout” in protest of the bill. No comparable protest took place for CISPA, and there was no similar opposition to the bill by the major tech companies that opposed SOPA. The reason for this may lie in which parties would be negatively affected by these two bills.
Under SOPA, large companies were worried that their websites might be be taken down if they were flagged for using copyrighted material. There was even a possibility that major sites like Google or Facebook might be taken down. As a result, these larger companies were understandably opposed to the bill. However, under CISPA, the power is put in the hands of the corporations. It isn’t their personal information that’s at risk, and they won’t be forced to bear any major additional costs as a result of the bill. In fact, in the event that they are the target of a cyber-security threat, the voluntary information sharing that this bill allows them may benefit them, albeit at the expense of their users’ privacy.
Luckily, despite passing in the House by a vote of 288-127, it looks like CISPA will not even be voted on in the Senate. According to the office of Sen. Jay Rockefeller (D-West Virginia), “the Senate will not take up CISPA.” While this is certainly good news for internet users, it certainly won’t be the last attempt by lawmakers to impose regulations on the internet. In fact, according to Senator Dianne Feinstein (D-California), efforts are already underway to draft a new “bipartisan information sharing bill.”
On top of that, on February 12th, 2013, Obama signed an executive order designed “to strengthen the cybersecurity of critical infrastructure by increasing information sharing…” A statement from the White House says that the order “includes strong privacy and civil liberties protections” and that the agencies will conduct investigations of their activities’ effects on privacy and civil liberties, and that the results of said investigations will be made public. According to the same White House press release, the Obama administration has also submitted “Comprehensive Cybersecurity Legislation” to congress.
While it would be preferable that the government avoid placing unnecessary regulations on the internet, one of the last bastions of freedom in the world, it seems likely that some kind of information sharing legislation along the lines of CISPA will eventually be put into law. Hopefully when that happens, the law will at least have narrow scope, judicial oversight, and won’t invalidate laws or contracts currently in place to protect users’ privacy.