Skip to main content
  1. Home
  2. Web

Five things everyone needs to know about CISPA

Andrew Couts
By
CISPA House of Representatives
Image used with permission by copyright holder

Now that the Cyber Intelligence Sharing and Protection Act (CISPA) has passed the House of Representatives, it will soon head to the Senate. For better or worse, its debut on the Senate floor is, however, still weeks away. So, while we have a moment of legislative down time, let’s take a quick look at some basic facts about CISPA to help make sure the conversation surrounding the bill stays in the realm of reality as it moves into its next phase.

1. CISPA has nothing to do with SOPA

Chances are, if you’ve read something about CISPA over the past few weeks, you probably heard SOPA, the defunct Stop Online Piracy Act, mentioned in the same breath. That’s understandable, but also unfortunate, as it has caused a great deal of confusion about what CISPA is, and why it’s problematic. (I am by no means innocent in this matter, either.)

Recommended Videos

So, here are the differences between the two: CISPA has to do with privacy. SOPA dealt with censorship. CISPA threatens our Fourth Amendment rights — the right against “unreasonable searches and seizures” — because it allows businesses to hand over a staggering amount of information about us to the federal government with impunity. SOPA threatened our First Amendment rights — the right to free speech — because it would have allowed the federal government to block access to websites using the same practices employed in oppressive regimes, like Iran and China.

The only similarity between the two is that they end in “PA” and have to do with the Internet. That’s it.

2. CISPA got better with amendments

Though some privacy and civil liberty advocates may disagree, CISPA really did improve prior to its passage in the House. A total of 11 amendments were added to the bill, some of which made positive changes to the types of information that may be shared, and how the government may legally use that information. Leslie Harris, president and CEO of the Center for Democracy & Technology (CDT), lays out the key details of these changes here.

One added provision, known as the Quayle amendment, has raised the most number of eyebrows. It outlines the purposes for which the government may use information collected from businesses. They are as follows:

  1. cybersecurity;
  2. investigation and prosecution of cybersecurity crimes;
  3. protection of individuals from the danger of death or physical injury;
  4. protection of minors from physical or psychological harm; and
  5. protection of the national security of the United States

Some CISPA critics believe this provision still grants the government too much power, because some of the purposes have nothing to do with “cybersecurity” whatsoever. And while it may be true that CISPA does give the government too much power to use information in untold ways, the Quayle amendment actual limits the government’s power more than the earlier text of the bill because it outlines exactly the ways law enforcement may use data collected under CISPA, rather than giving authorities the ability to use CISPA data however they like.

“Because the Quayle amendment explicitly proscribes all but a handful of ways in which government may use shared information, I firmly believe it’s a huge improvement over the previous language,” said Ryan Radia, Associate Director of Technology Studies at the Competitive Enterprise Institute, in an email. “The bill as passed by the full House is still very problematic, to be sure, but it’s less troubling than the unamended version thanks to, inter alia, the Quayle amendment.”

“Information shared with the government pursuant to CISPA can and will be used for purposes that have nothing to do with cybersecurity or national security,” Radia adds. “That’s extremely worrisome, to be sure. But that each of the uses listed in the Quayle amendment were already permissible under the previous version of the bill – along with any other lawful, non-regulatory government use under the sun.”

3. …But it’s still fundamentally broken

As the CDT and other critics warn, CISPA remains a dangerous bill, despite the improvements. For starters, the bill still does not provide any limits on the information shared under CISPA to be passed along to shadowy organizations, like the National Security Agency, which has essentially no public oversight. Furthermore, CISPA still allows data collected under the bill to be used for vague purposes of “national security,” a term that could mean almost anything.

Privacy advocates will push to have CISPA further amended in the Senate to restrict access to the shared data, and more narrowly define the “national security” purpose in the bill.  

4. CISPA is not the only cybersecurity bill in Congress

While CISPA has taken center stage in the cybersecurity legislation arena, it is not the only player on the court. In the Senate, two competing bills stand a chance of becoming law. The first is the Cybersecurity Act of 2012 (S. 2105), which was introduced by Sen. Joe Lieberman (I-CT), and has the backing of Senate Democrats and the White House. The second is the SECURE IT Act (S. 2151), introduced by Sen. John McCain (R-AZ).

As the Electronic Frontier Foundation notes, both bills have their own set of problems. And, as with CISPA, the problems primarily stem from the “broad language” of the bills, and how certain terms, like “cybersecurity threat” and “cybersecurity threat indicator,” are defined. Despite these potential deficiencies, neither bill has yet raise quite as much ire as CISPA.

Of the three bills — CISPA, Cybersecurity Act of 2012, SECURE IT Act — Lieberman’s bill currently stands as the pack leader thanks to its government protections for critical infrastructure networks, like electrical grids and water delivery systems (something President Obama has demanded), and for requiring that any company that shares information with the federal government must first anonymize the data — a provision CISPA clearly lacks.

5. CISPA likely won’t pass the Senate (unchanged)

While CISPA was particularly popular with House Republicans, the Democrat-controlled Senate will almost certainly require more robust privacy protections before the bill stands a chance at passage — especially considering that the Obama administration has threatened to veto the bill without certain changes that have not yet been met. In fact, according to Politico reporter Jennifer Martinez, CISPA is “basically dead on arrival” in the Senate due privacy concerns.

It is possible that we will see CISPA combined with either the Lieberman or the McCain bill, though which parts will remain is far from clear at this point. If CISPA does undergo such changes, it will have to go back to the House to be voted on again before it can be sent to President Obama. And if the bill contains any types of government regulations, House Republicans will likely shoot down the bill.

In short: The battle over CISPA is far from over, and could take a number of twists and turns before we have any sort of resolution to the matter. For those of you concerned with these bills, I recommend you prepare yourself for the long haul.

Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
How to create a Subreddit on desktop and mobile
Laptop Working from Home

Few social media sites are as popular as Reddit. Regardless of what you're interested in, there's probably a thriving community for you to interact with on the platform. Known as subreddits, these communities are home to topics like gaming, world news, science, movies, and more. If you can't find a subreddit with your particular interest, Reddit makes it easy to create your own Reddit community.

Running a successful Reddit community isn't easy – but the process of starting one only takes a few minutes. Keep in mind that you'll want to keep a close eye on your subreddit to prevent it from being shut down or turning into a wasteland with no users, but running a subreddit can be a lot of fun when done properly. If you prefer, you can also create a private community that only your friends can join, giving you a place to hang out beyond Twitter and TikTok.

Read more
How to download music from YouTube on desktop and mobile
A woman sitting on a couch, wearing airpods and holding and looking at a smartphone.

Downloading music from YouTube is a fairly common practice, and the demand for making the process easier has inspired the creation of countless websites and software.

But not every service can be considered safe. In fact, some of these services may infect your computer with malware or produce poor-quality audio files. When downloading music from YouTube, you’ll need to first make sure that the websites or apps you use for doing so won’t hurt your device. For this guide our team has found two methods to make the process safer and easier.

Read more
How to clear your browser cache in Chrome, Edge, or Firefox
The Firefox iPhone app.

A stocked computer cache may be convenient for logging into and out of go-to sites in seconds flat, but a major buildup of these tracking codes could significantly impact your PC’s performance. If you’ve noticed that your PC has been running rather slow of late, or you’re using a new browser and don’t know how to clear its cache, we’ve got you covered with the following guide.

Read more