The window to stop the Cyber Intelligence Sharing and Protection Act (CISPA) is closing fast. Starting as early as Monday, the House of Representatives will begin debate on the cybersecurity bill, which many rights advocates believe remains one of the most dangerous piece of legislation on the current congressional agenda. Reports indicate that lawmakers will vote on the bill Wednesday, April 25, or Thursday, April 26. That leaves precious little time to convince Members of the House to vote “nay” on CISPA. Here is a quick guide to get your up to speed on the issues surrounding CISPA, and ways you can help fight back.
Update: The House agenda shows that debate on CISPA will begin Thursday, with a vote no later than 3pm ET Friday.
What CISPA is
CISPA, officially known as H.R. 3523, is a cybersecurity bill currently in the House of Representatives that makes it easier for the government to share classified “cyber threat intelligence” with private companies, and for private companies to share information with the government. Neither side is required to share anything, but the bill makes it legal for them to do so.
The stated goal is to better protect both the government and the private sector from “cyber threats.”
CISPA was co-authored by Rep. Mike Rogers (R-MI) and Rep. C.A. “Dutch” Ruppersberger (D-MD). It currently has 112 co-sponsors in the House.
One of the best things you can do to help fight CISPA is to actually read it; don’t worry, it’s really short. Read all the bills, amendments, and “discussion drafts” of CISPA here.
The first key to convincing Congress, or even the people you know, to oppose CISPA is to know what you’re talking about. These are the primary concerns with the bill, which you should include in any letter, email, or phone conversation you have with your representative, or anyone else you want to convert to the anti-CISPA camp:
• CISPA effectively allows the federal government and corporations to “spy” on citizens. One of the main problems with CISPA is that its intentionally broad language gives corporations both the ability and incentive to share almost any type of information they like with the federal government. It also allows the government to use the information in an almost unlimited fashion.
Yes, the bill does contain limitations on the types of information that may be shared (namely: data related to “cyber threats” or “national security”), but the ambiguities of these terms render these limits completely meaningless. Because of this, private communication, like email or messages sent privately through social networks, could be considered fair game. And nothing in the bill requires companies to strip shared information of personally identifiable details — something other cybersecurity bills mandate.
• Information shared under CISPA could be used for almost any purpose. Despite what CISPA supporters want you to believe, the legislation effectively provides no limits for the types of information that may be shared under the bill. As mentioned above, this is because the bill uses overly broad language to define the relevant terms.
• CISPA could put your data in the hands of the military — and out of reach of public oversight. According to the bill, all information will flow into the Department of Homeland Security (DHS), which will then pass on the data to other parts of the government. This could mean organizations like the National Security Agency (NSA), which is a military organization, and thus has practically no civilian oversight. Traditionally, the DHS — a civilian organization that is subject to public oversight — handles the government’s cybersecurity operations. CISPA could change all that.
• If a company mishandles your data, it is nearly impossible to sue them and win. CISPA gives explicit immunity to companies who hand over data to the government, as long as that data is used from some cybersecurity or national security purpose. It also overrides all other laws pertaining to privacy and the sharing of individuals’ information. If, however, you (somehow) discover that your information was shared or used improperly, successfully winning a lawsuit against the company responsible is nearly impossible.
That’s because, under CISPA, a company must willfully engage in an “act or omission” that was made (I) Intentionally to achieve a wrongful purpose; (II) knowingly without legal or factual justification; and (III) in disregard of a known or obvious risk that is so great as to make it highly probable that the harm of the act or omission will outweigh the benefit. That’s right — the company must meet all of those criteria to be liable, not just one of them.
Update: This language has been removed in the most recent version of CISPA (pdf), but the concerns with liability remain.
So, these are the primary complaints. But if you want to truly educate yourself on this bill, I suggest checking out all of these links:
• Center for Democracy & Technology (CDT) CISPA resource page
• Chart comparing CISPA to other cybersecurity legislation (pdf)
• Electronic Frontier Foundation’s infographic on CISPA
• Groups opposing CISPA
• Groups supporting CISPA
Other CISPA notes:
• Opposing this legislation is not the same thing as opposing greater protections against cyber attacks. The problem with CISPA is how it could be abused or misinterpreted — not necessarily with its stated goal of protecting all of us against cyberattacks.
The CDT supports the PRECISE Act (H.R. 3674), an alternative cybersecurity bill, which you can read about here. Update: The PRECISE Act now includes privacy stipulations similar to CISPA, so the CDT has abandoned its support for the bill.
• Please, do not compare CISPA to SOPA. These two bills have almost nothing to do with each other, save the fact that they are related to the Internet, and a lot of people are against CISPA , as they were with SOPA. Drawing parallels between CISPA and SOPA only muddles the anti-CISPA message, and gives supporters an entirely irrelevant reason to disregard what you have to say about the bill.
How to fight back
The best case scenario is that CISPA is voted down in the House. And the best way for that to happen is for your representative to know that you oppose the bill. Here are a few ways to do so:
• Find out who your representative is here.
• Find email for your representatives here.
• Find phone numbers for your representative here.
• Send a automatically-generated tweet to your representative just by typing in your ZIP code here.
• Tweet Rep. Rogers and the House Intelligence Committee: @HouseIntelComm and @RepMikeRogers.
• Email Rep. Rogers directly.
• Join Fight for the Future’s anti-CISPA Twitter campaign here.
• Sign a petition against CISPA: here, here, and here.
Update: You can also call your representative and Senators directly using this excellent tool from Grassroutes.us, below. (Thanks, Tess!) It automatically pulls up your Congress Members based on your IP address.
What to expect next
Once CISPA goes before the full House next week, the bill could change substantially. Be sure to keep up with CISPA news next week. I’ll be covering it here at Digital Trends — but the important thing is to stay informed, however you can. If the bill does pass the House — a likely scenario, at the moment, considering it has broad bi-partisan support — it will move to the Senate. The Senate will likely take up CISPA for debate sometime in May, so setting up a Google Alert on CISPA is probably your best bet, if you want to stay up on the latest news for the long haul.
Remember: Even if CISPA passes the House, the fight is not over. It must be signed by President Obama to become law. So it is important to remain patient and tenacious all the way to the end.