• Is CISPA SOPA 2.0? We Explain the Cybersecurity Bill

    By Wire News Sources on April 26, 2012

    by Megha Rajagopalan

    Update (4/26): An earlier version of this story said a proposed amendment by Rep. Adam Schiff, D-Calif., had helped gain support for CISPA. Schiff’s amendment, which among other things would further define what’s considered a “cyber threat,” is no longer scheduled for consideration.

    The Cyber
    Intelligence Sharing and Protection Act
    , up for debate in the House of
    Representatives today, has privacy activists, tech companies, security wonks
    and the Obama administration all jousting about what
    it means – not only for security but Internet privacy and intellectual
    property.  Backers expect CISPA to
    pass, unlike SOPA, the Stop Online
    Piracy Act
    that melted down amid
    controversy earlier this year. 

    Here’s a rundown on the debate and what CISPA could mean for Internet
    users.

    What
    exactly is CISPA?

    The act, sponsored Rep. Mike Rogers, R-Mich., and Rep. Dutch
    Ruppersberger, D-Md., would make it easier for private corporations and U.S.
    agencies, including military and intelligence, to share information related to “cyber
    threats.” In theory, this would enable the government and companies to keep
    up-to-date on security risks and protect themselves more efficiently. CISPA
    would amend the National
    Security Act of 1947
    , which currently contains no reference to cyber security.
     Companies wouldn’t be required to
    share any data. They would just be allowed to do so.

    Why should
    I care?

    CISPA could enable companies like Facebook and
    Twitter, as well as Internet service providers, to share your personal
    information with the National Security Agency and the CIA, as long as that
    information is deemed to pertain to a cyber threat or to national security.

    How does
    the bill define “cyber threat”?

    The bill itself defines it as information “pertaining to a vulnerability of” a system or network — a definition that opponents have criticized as too broad. The bill gained support after sponsors agreed to allow votes on several amendments they said would make concessions to privacy activists; one aims to narrow the definition of “cyber threat.”

    When can data be shared?

    Rogers said the amended version of the bill would only enable companies and intelligence agencies to share information related to 1) cyber security purposes; 2) investigation and prosecution of cyber security crimes; 3) protection of individuals from death and bodily harm; 4) child pornography; or 5) protection of the national security of the United States.

    Why are
    privacy activists upset about CISPA?

    Privacy activists like the American Civil Liberties Union and the Electronic
    Frontier Foundation
    contend CISPA isn’t specific enough about just what
    constitutes a “cyber threat.” They say it enables Internet companies and
    service providers to hand over sensitive user information to intelligence
    agencies without enough oversight from the civilian side of government.
    Finally, they say it does not explicitly require Internet companies to remove
    identifying information about users before sharing.  Opponents contend, for instance, that
    Facebook or Twitter could share user messages with the NSA or FBI without
    redacting the user’s name or personal details.

    CISPA also protects the private sector from liability even if
    they share private user information, as long as that information is deemed to have been shared for cybersecurity or national
    security purposes. Even though sharing is voluntary and not required under the
    law, privacy activists say the legal immunity CISPA provides would make it easy
    for the government to pressure Internet companies to give up user data.

    What kind
    of information can be shared?

     Private companies and
    government agencies can share any information that pertains to a “cyber threat”
    or that would endanger national security. That could include user information,
    emails, and direct messages. Companies would be allowed to share with each
    other as well as the government. The government is not allowed to proactively
    search company-provided information for purposes unrelated to cyber security,
    but opponents say this would be tough to enforce. The bill does not place any
    explicit limit on how long that information can be kept. Several proposed amendments would limit the amount and kinds of information
    that can be shared, but it remains to be seen which — if any — will
    be adopted.

    Is CISPA
    basically SOPA 2.0?

    No, it’s very different.

    SOPA was about intellectual property; CISPA is about cyber
    security, but opponents believe both bills have the potential to trample
    constitutional rights. The comparisons to SOPA stem from
    language in an earlier version of CISPA that referenced intellectual property.
    That wording was removed early on in response to mounting criticism. SOPA would
    have strengthened copyright laws, barring search engines and other websites
    from linking to sites that violated intellectual property regulations. That
    prompted a First Amendment concern from critics that it would give government
    the power to block websites wholesale, trampling free speech. CISPA’s liability
    shield, on the other hand, has sparked a concern based on the Fourth Amendment,
    which protects against unreasonable search and seizure. Opponents contend the
    law would make it too easy for private companies and the intelligence community
    to spy on users in the name of cyber security.

    Why are
    some of the tech companies that protested SOPA, like Facebook and Microsoft,
    now
    supporting this bill?

    CISPA gives Internet companies the ability to share threat information
    with intelligence agencies and receive information back from them,
    an ability they say would enable them to deal with cyber threats more
    effectively. It does not compel them to protect users’ privacy (though a
    variety of proposed amendments aim to add more stringent privacy protections). Companies
    could not be held liable for divulging a user’s identity or data to the
    government if the information relates to a “cyber threat.”

    What’s the
    Obama administration’s take?

    The White House is backing a Senate bill proposed by Homeland Security
    and Governmental Affairs Committee Chairman Sen. Joe Lieberman, I-Conn., and
    has threatened
    to veto
    CISPA. Officials cite a lack of personal privacy protections.
    They say CISPA would enable military and intelligence agencies to take on a
    policing role on the internet, which the administration points out is a
    civilian sphere.

    What is
    CISPA’s path forward in Congress?

    A vote is set for Friday. CISPA has accumulated more than 100 cosponsors
    and will most likely pass the House. “This isn’t about scrambling to meet 218
    votes, we are well past that,” co-sponsor Rogers said during a conference call
    with reporters. But the Senate is a different story — there, it must
    compete with the Lieberman cyber security bill and one from Sen. John McCain,
    R-Ariz.

    Would CISPA
    really make us more secure?

    It’s unclear.

    Some cyber security specialists note that neither CISPA nor
    other cyber security bills in Congress would compel companies to update
    software, hire outside specialists or take other measures to preemptively secure
    themselves against hackers and other threats. CISPA’s backers respond that the
    bill would forestall a “digital Pearl Harbor,” allowing a freer flow of
    information for a quicker and more effective response to hackers by both the
    government and the private sector.


    Go to Source



    No comments yet.

    Sorry, the comment form is closed at this time.