CISPA: A guide to the 'Big Brother' cyber security bill
Civil libertarians and open-web advocates are up in arms about a far-reaching bill coming up for a big vote in the House. Here's why
An unprecedented internet-driven public outcry sank the Stop Online Piracy Act (SOPA) in January, and now privacy advocates and web-freedom activists are trying to stop another House bill targeting the internet: The Cyber Intelligence Sharing and Protection Act (CISPA). They don't have much time. The bill, which quixotic presidential candidate Rep. Ron Paul (R-Texas) calls "Big Brother writ large," is scheduled for a vote on May 27, and it has at least 113 cosponsors. What is CISPA, why don't critics like it, and what are the odds it will pass? Here's what you need to know:
What does CISPA do?The bill is designed to make it easier for the government and private companies to share information that might thwart cyber attacks by everyone from hacker groups like Anonymous to secret-pilfering nations. Companies and the government already can, and do, share some private information about individual web users, but they face the risk of lawsuits. CISPA would allow companies to freely share "cyber threat information" without consequence. The idea is that if everyone can freely pool information about cyber threats, they'll be easier to stop.
Why is that controversial?The problem stems largely from one word: "Notwithstanding," says Declan McCullagh at CNET News. By including the caveat that any web-related service provider may share "cyber threat information with any other entity," including the military and National Security Agency, "notwithstanding any other provision of law," CISPA's backers want the bill to "trump all existing federal and state civil and criminal laws. It would render irrelevant wiretap laws, web companies' privacy policies, educational record laws, medical privacy laws, and more." It's "a classic example of over-legislation," says DJ Pangburn at Death and Taxes.
But isn't cyber-security a real concern?Yes, but "encouraging private industry to funnel information to the government poses its own set of problems," says the Los Angeles Times in an editorial. The bill can be tweaked, but its troubling premise is that it transforms email providers, Facebook, and broadband services "from service providers to surveillance agencies." Clueless legislators must start "talking to actual cyber security and tech experts," not to mention civil libertarians, says Erik Kain at Forbes. In the meantime, with bills like CISPA "we risk giving far too much away, once again, in our quest for an ever-elusive sense of security."
Who backs CISPA, and who doesn't?Unlike SOPA, several large tech companies are on board with CISPA, including Facebook, Google, Microsoft, and IBM. Other prominent backers include the U.S. Chamber of Commerce, AT&T, and defense contractors. On the other side, the ACLU, Electronic Frontier Foundation, Free Market Coalition, Anonymous, Sunlight Foundation, a group of 18 House Democrats, and the Republican Liberty Caucus are among the odd collection of groups trying to kill the bill. The Obama administration opposes the bill as written. The bill's author, Rep. Mike Rogers (R-Mich), says he's "open to change this bill right up until it comes to the House floor."
What are CISPA's chances in Congress?Since the list of congressional supporters is growing, not shrinking as in the SOPA affair, Rogers says there is "a strong chance that the bill will be passed" this week. Its prospects are less clear in the Senate, which has a competing bill, the Cybersecurity Act of 2012, which has more protections. Finally, it has to be signed by the leery president. Although Obama advisers say the bill is flawed, Obama hasn't threatened to veto it.
Editor's note: This article originally mischaracterized Ron Paul's willingness to support CISPA. The Texas congressman does not yet support final passage. We regret the error.