Battle lines are being drawn over the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA). It's a bill that would make it easier for private companies and the U.S. government to share user information concerning possible cyber threats. Microsoft, Facebook and a host of other technology companies are supporting the bill, but many digital rights groups fear that CISPA is another version of the Stop Online Privacy Act... but worse.

What Is CISPA?

CISPA is different from SOPA and PIPA in that it's not primarily about piracy or privacy issues. Instead, it's intended to help fight cyber attacks.

But the bills share similarities that raise red flags with digital rights advocates. Foremost, the language of CISPA is vague, broad and leaves much open for interpretation.

CISPA would amend a current law that defines how cyber threat intelligence information is used between the U.S. intelligence community and the private sector. Currently, that's often difficult or prohibited. CISPA would remove that firewall.

It would be a two-way street, where the intelligence community could give private entities information (with proper security clearance) and would allow companies to voluntarily share information with the government. The bill does not say that companies must share information with the government.

The procedural elements are not what makes the bill concerning. The issue is how things in the bill are defined. This is where the vagueness comes in.

  • Cybersecurity Provider: "A non-governmental entity that provides goods or services intended to be used for cybersecurity purposes."
  • Cybersecurity Purpose, Cybersecurity System, Cyber Threat Information: "[An entity] designed or employed to ensure the integrity, confidentiality, or availability of, or safeguard, a system or network, including protecting a system or network from:
  • Efforts to degrade, disrupt, or destroy such system or network; or theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

What are "goods and services intended to be used for cybersecurity purposes?" A Facebook status update was never "intended" to be used for cybersecurity purposes. Yet, under this law, a Facebook status update could be seen in a variety of ways. The wording of the definitions leaves it open for the government to request information from Facebook (or any other digital information service) over the smallest of updates.

Who Supports CISPA?

The bill is sponsored by two representatives:
  • Rep. Mike Rogers, chairman of the Permanent Select Committee on Intelligence. His office wrote the bill.
  • Rep. Dutch Ruppersberger, ranking member of the Permanent Select Committee on Intelligence, as well as a member on the Subcommittee on Emerging Threats and Capabilities.
  • The bill is cosponsored by 106 representatives. See the full list here.
  • In addition, CISPA has a letter of approval from 28 large technology corporations and organizations. That includes Microsoft, Facebook, Intel, IBM, Oracle, Symantec, Verizon, AT&T and CTIA.

Who Opposes CISPA?

Does It Stand a Chance?

From a legislative perspective, CISPA is in a stronger place than SOPA ever was. It enjoys bipartisan sponsorship from Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) and has 106 cosponsors in the House of Representatives, including the likes of Darrell Issa and Michelle Bachmann. Issa, as many will recall, was a staunch opponent to SOPA and holds influence as the chairman of the Oversight and Government Reform Committee.

What's Next?

CISPA made it through a Congressional committee in December with a 17-1 vote. It is currently being amended before going to a vote before the full House of Representatives on April 23.

The CDT, EFF, Demand Progress and the American Civil Liberties Union will launch a week-long campaign next week ahead of the voting on CISPA to protest the bill and educate citizens, and persuade them to contact their members of Congress to voice their concerns.

We will see if the anti-CISPA fervor reaches the level of the protests against SOPA and PIPA, but with some of the biggest technology companies supporting the bill, widespread blackouts are not likely.