Five things everyone needs to know about CISPA

CISPA House of Representatives

Now that the Cyber Intelligence Sharing and Protection Act (CISPA) has passed the House of Representatives, it will soon head to the Senate. For better or worse, its debut on the Senate floor is, however, still weeks away. So, while we have a moment of legislative down time, let’s take a quick look at some basic facts about CISPA to help make sure the conversation surrounding the bill stays in the realm of reality as it moves into its next phase.

1. CISPA has nothing to do with SOPA

Chances are, if you’ve read something about CISPA over the past few weeks, you probably heard SOPA, the defunct Stop Online Piracy Act, mentioned in the same breath. That’s understandable, but also unfortunate, as it has caused a great deal of confusion about what CISPA is, and why it’s problematic. (I am by no means innocent in this matter, either.)

So, here are the differences between the two: CISPA has to do with privacy. SOPA dealt with censorship. CISPA threatens our Fourth Amendment rights — the right against “unreasonable searches and seizures” — because it allows businesses to hand over a staggering amount of information about us to the federal government with impunity. SOPA threatened our First Amendment rights — the right to free speech — because it would have allowed the federal government to block access to websites using the same practices employed in oppressive regimes, like Iran and China.

The only similarity between the two is that they end in “PA” and have to do with the Internet. That’s it.

2. CISPA got better with amendments

Though some privacy and civil liberty advocates may disagree, CISPA really did improve prior to its passage in the House. A total of 11 amendments were added to the bill, some of which made positive changes to the types of information that may be shared, and how the government may legally use that information. Leslie Harris, president and CEO of the Center for Democracy & Technology (CDT), lays out the key details of these changes here.

One added provision, known as the Quayle amendment, has raised the most number of eyebrows. It outlines the purposes for which the government may use information collected from businesses. They are as follows:

  1. cybersecurity;
  2. investigation and prosecution of cybersecurity crimes;
  3. protection of individuals from the danger of death or physical injury;
  4. protection of minors from physical or psychological harm; and
  5. protection of the national security of the United States

Some CISPA critics believe this provision still grants the government too much power, because some of the purposes have nothing to do with “cybersecurity” whatsoever. And while it may be true that CISPA does give the government too much power to use information in untold ways, the Quayle amendment actual limits the government’s power more than the earlier text of the bill because it outlines exactly the ways law enforcement may use data collected under CISPA, rather than giving authorities the ability to use CISPA data however they like.

“Because the Quayle amendment explicitly proscribes all but a handful of ways in which government may use shared information, I firmly believe it’s a huge improvement over the previous language,” said Ryan Radia, Associate Director of Technology Studies at the Competitive Enterprise Institute, in an email. “The bill as passed by the full House is still very problematic, to be sure, but it’s less troubling than the unamended version thanks to, inter alia, the Quayle amendment.”

“Information shared with the government pursuant to CISPA can and will be used for purposes that have nothing to do with cybersecurity or national security,” Radia adds. “That’s extremely worrisome, to be sure. But that each of the uses listed in the Quayle amendment were already permissible under the previous version of the bill – along with any other lawful, non-regulatory government use under the sun.”

3. …But it’s still fundamentally broken

As the CDT and other critics warn, CISPA remains a dangerous bill, despite the improvements. For starters, the bill still does not provide any limits on the information shared under CISPA to be passed along to shadowy organizations, like the National Security Agency, which has essentially no public oversight. Furthermore, CISPA still allows data collected under the bill to be used for vague purposes of “national security,” a term that could mean almost anything.

Privacy advocates will push to have CISPA further amended in the Senate to restrict access to the shared data, and more narrowly define the “national security” purpose in the bill.  

4. CISPA is not the only cybersecurity bill in Congress

While CISPA has taken center stage in the cybersecurity legislation arena, it is not the only player on the court. In the Senate, two competing bills stand a chance of becoming law. The first is the Cybersecurity Act of 2012 (S. 2105), which was introduced by Sen. Joe Lieberman (I-CT), and has the backing of Senate Democrats and the White House. The second is the SECURE IT Act (S. 2151), introduced by Sen. John McCain (R-AZ).

As the Electronic Frontier Foundation notes, both bills have their own set of problems. And, as with CISPA, the problems primarily stem from the “broad language” of the bills, and how certain terms, like “cybersecurity threat” and “cybersecurity threat indicator,” are defined. Despite these potential deficiencies, neither bill has yet raise quite as much ire as CISPA.

Of the three bills — CISPA, Cybersecurity Act of 2012, SECURE IT Act — Lieberman’s bill currently stands as the pack leader thanks to its government protections for critical infrastructure networks, like electrical grids and water delivery systems (something President Obama has demanded), and for requiring that any company that shares information with the federal government must first anonymize the data — a provision CISPA clearly lacks.

5. CISPA likely won’t pass the Senate (unchanged)

While CISPA was particularly popular with House Republicans, the Democrat-controlled Senate will almost certainly require more robust privacy protections before the bill stands a chance at passage — especially considering that the Obama administration has threatened to veto the bill without certain changes that have not yet been met. In fact, according to Politico reporter Jennifer Martinez, CISPA is “basically dead on arrival” in the Senate due privacy concerns.

It is possible that we will see CISPA combined with either the Lieberman or the McCain bill, though which parts will remain is far from clear at this point. If CISPA does undergo such changes, it will have to go back to the House to be voted on again before it can be sent to President Obama. And if the bill contains any types of government regulations, House Republicans will likely shoot down the bill.

In short: The battle over CISPA is far from over, and could take a number of twists and turns before we have any sort of resolution to the matter. For those of you concerned with these bills, I recommend you prepare yourself for the long haul.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.


EA is losing out on the true potential of Titanfall studio with ‘Apex Legends’

Apex Legends is a solid battle royale game, but one can’t shake the feeling that its creation was dictated by Respawn’s new owners: Electronic Arts. In the process, the studio’s soul could be lost.

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.

24 must-have apps for rooted Android phones and tablets

Rooting your Android device opens up a world of possibilities, along with a few apps. Here are 24 of our favorites, so you can make the most of your rooted device and unleash the true power of Android.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Smart Home

Looking to safeguard your home? These are the best DIY home security systems

Looking for the best DIY Home security systems? These security kits will help you feel safer in no time. Check out our top pick and full list to see which kit will work best for your home.

The 'Anthem' demo's crash landing raises more questions than answers

Bioware bravely allowed gamers to see a large chunk of 'Anthem' over two demo weekends, but it backfired. Lackluster missions, performance issues, and muddled messaging over micro-transactions leaves the game with an uphill battle.

In the age of Alexa and Siri, Cortana’s halo has grown dim

In a sea of voice assistants, Cortana has become almost irrelevant. The nearly five-year-old voice assistant is seeing little love from consumers, and here’s why it is dead.

Apex Legends proves battle royale is no fad. In fact, it’s just getting started

Apex Legends came out of nowhere to take the top spot as battle royale in 2019, and it now looks as if it'll be the biggest game of the year. Its sudden success proves the battle royale fad still has plenty of life left in it.
Home Theater

Apple is arming up to redefine TV just like it did the phone

Curious about what Apple's answer to Netflix will be? Us too. So we combed through some patents, and looked at the landscape, to come up with a bold prediction: Apple's streaming service will be way bigger than anyone thinks.
Home Theater

How the headphone jack helps Samsung out-Apple the king

Samsung’s latest flagship phones and wearables unveiled at the Galaxy Unpacked event had plenty of exciting new tech. But one of the most useful features Samsung revealed is also the oldest: The mighty headphone jack.

Age of Empires II thrives 20 years later. Here's what Anthem could learn from it

Age Of Empires II is approaching its 20th birthday. It has a loyal following that has grown over the past five years. New always-online games like Anthem would love to remain relevant for so long, but they have a problem. They're just not…

Devil May Cry is Fantastic, but I still want a DmC: Devil May Cry sequel

Capcom's Devil May Cry 5 is one of the best games of 2019 and a welcome return for the series, but its success should not discount just how wonderful Ninja Theory's DmC: Devil May Cry really was.
Smart Home

Alexa may be everywhere, but it’s Google’s Assistant I want in my home. Here’s why

The Amazon Alexa may have the Google Home beat in quantity of skills and compatibility with other products, but does that really matter when Alexa falls flat for day-to-day conversation?

DMC 5’s greatness is a reminder of all the open world games that wasted my time

Devil May Cry 5 modernizes the stylish action combat while retaining its storied PS2 roots. More so, though, it reminded me that we could sure use more linear, single player games to combat the sea of open world games.