The House of Representatives changed, then passed, the controversial Cyber Intelligence Sharing and Protection Act, better known as CISPA, late Thursday afternoon. As the dust settles, many are wondering where CISPA stands now and where it’s headed next.
Hey Mashable, what’s CISPA?
CISPA’s designed to let private businesses share information about cybersecurity threats with one another and with the U.S. federal government.
If, for example, Microsoft’s cybersecurity team detects a threat that might also have an impact on Facebook, Microsoft’s team could give Facebook’s people a call without worrying about legal barriers to that kind of communication. Microsoft could also give that heads-up to the federal government, and vice-versa.
Well, that sounds fine and dandy. Why’s CISPA controversial?
Privacy and civil liberties groups argue that CISPA would allow businesses such as Facebook to give the federal government (and the intelligence community) users’ private communications and other sensitive personal data.
The two parts of CISPA these groups consider most offensive are a national security clause and a liability clause. The first, they say, would allow CISPA to be used in any case where national security is deemed at risk — a potentially broad category. The second would protect any business that shares cybersecurity information from lawsuits — including suits from users who think their private information may have been shared without justification.
That’s not so great. How’d this bill pass the House?
CISPA’s authors, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), worked with civil liberties groups and companies such as Facebook and Microsoft to try to address everybody’s concerns with their cybersecurity legislation. That means a lot of stakeholders were included in the bill, generating strong support among private firms, cybersecurity experts and Congresspeople.
CISPA had more than 100 co-sponsors and a lot of business support before it came up to a vote — a strong sign that it was well on its way to passing.
You said CISPA was amended — so it’s fine now, right?
That depends on whom you’re asking.
Many businesses and cybersecurity experts welcome the legislation, because it allows them to team up against the Internet’s bad guys — who are coordinating to launch cyberattacks every day.
However, most privacy groups aren’t sold. One amendment that would’ve removed the national security clause while ensuring civilian oversight of data shared with the government under CISPA was blocked from debate by House leadership. Some companies that once applauded CISPA, such as Microsoft, have backed away from the bill.
Other amendments which tightened up language, restricted the type of information that can be shared with the government and gave the civilian-controlled Department of Homeland Security more oversight in the data-sharing process were debated and passed, but they didn’t go far enough to win over privacy groups’ support.
What’s next for CISPA?
CISPA’s headed to the Democrat-controlled Senate, where one of two things can happen: The Senate can vote CISPA up or down as it was passed in the House, or amend it further.
Privacy groups, such as the Center for Democracy and Technology, are betting the bill can be salvaged in the Senate’s amendment process. If that happens, the House and Senate would have to pass a bill that reconciles the differences between their two concepts. Should reconciliation prove successful, the bill would be sent to the White House for President Obama’s signature, at which point it would become law.
Other cybersecurity bills are already gaining momentum in the Senate. Those bills take a different approach, though — they set cybersecurity standards for private companies to meet instead of instituting an information-sharing system. Conservative lawmakers argue that approach represents an unnecessary and dangerous intrusion of the government into cyberspace.
Does Obama have to sign CISPA if it passes the Senate?
Not at all. President Obama’s top advisors have said they’ll recommend he veto CISPA if it doesn’t include adequate privacy protections before it reaches his desk.
Is CISPA the next SOPA?
The debate around the Stop Online Piracy Act, or SOPA, was about the balance between protecting intellectual property and preserving free speech, but CISPA is about having cybersecurity while preserving Internet users’ privacy.
Opposition to CISPA has yet to build to SOPA levels, but it’s starting to rise, especially on sites such as Reddit where the anti-SOPA community first came together. Threads advocating another SOPA-style blackout have more than one thousand comments. One anti-CISPA petition already has nearly 800,000 signatures.