The House on Thursday opted for an earlier-than-expected vote on the controversial CISPA bill, which now moves to the Senate. But what's the big deal with this bill? How might it affect the average Web user?
The Cyber Information Sharing & Protection Act (CISPA) is intended to allow for information-sharing between private companies and the government in the event of a cyber attack. In defending the bill recently, Facebook argued that it and other tech firms are limited in what they can share when a cyber scammer strikes.
"When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack," Joel Kaplan, vice president of U.S. public policy at Facebook, argued in a blog post.
But what information are we talking about? My Facebook photos? Google searches? Cloud-based files? That's the concern of opponents - from the Electronic Frontier Foundation and the ACLU to the White House. Basically, they fear that CISPA will give tech companies carte blanche to hand over all user data in the name of cyber security - without those users' permission.
But there are also some very specific concerns about what CISPA will and won't do. We break down a few of the top ones.
1. Immunity: CISPA offers "good faith" immunity to companies that identify and report a cyber-security issue to the feds. But, the EFF argued, the definition of good faith is very vague, "which is likely to make difficult any attempt at litigating against companies" that might put your data at risk. During a floor debate this week, Rep. Jared Polis suggested that CISPA incentivizes companies to hand over any and all data just to secure this immunity.
2. Military, NSA Access to Data: Detrators fear that CISPA will allow for companies to hand over data to any branch of the government - including the military and the National Security Agency. In objecting to the bill this week, the White House argued that CISPA "effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres." Instead, the Department of Homeland Security, the administration said, should play a "central role" in cyber-security issues. In attempting to address this issue, the House approved an amendment that calls on the Inspector General in his required report about CISPA to list "all federal agencies receiving information shared with the government," but it doesn't expressly stop agencies like the NSA from viewing the data.
3. Just the Beginning: Though bill sponsors argue that they have no nefarious intentions with CISPA, opponents are mainly concerned with its unintended consequences. As ACLU legislative counsel Michelle Richardson argued last night, "once the government gets expansive national security authorities, there's no going back." In its statement, the Center for Democracy and Technology (CDT) said it was concerned that CISPA does not address the use of data "for national security purposes unrelated to cybersecurity."
4. Bypassing Existing Laws: A common theme on the House floor and in CISPA-related statements from privacy groups is that the bill overrides privacy, wiretap, and surveillance laws that are already on the books. "Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections," the White House said.
5. GOP Ignoring Amendments: Members of Congress opposed to CISPA have complained that House leadership did not allow votes on amendments that would have addressed some of their concerns. "Such momentous issues deserved a vote of the full House," CDT argued. During a floor debate yesterday, however, Rep. Richard Nugent said that the process was "a perfect example of how this House is supposed to work," while other supporters noted that CISPA was passed out of committee with a vote of 17 to 1.
CISPA has drawn comparisons to another controversial cyber-security bill, the Stop Online Piracy Act. For more, see the top concerns people had with SOPA (and its companion bill, PIPA) at the time. Do you have any concerns with CISPA? Let us know in the comments.
For more from Chloe, follow her on Twitter @ChloeAlbanesius.
