Five things everyone needs to know about CISPA

CISPA House of Representatives

Now that the Cyber Intelligence Sharing and Protection Act (CISPA) has passed the House of Representatives, it will soon head to the Senate. For better or worse, its debut on the Senate floor is, however, still weeks away. So, while we have a moment of legislative down time, let’s take a quick look at some basic facts about CISPA to help make sure the conversation surrounding the bill stays in the realm of reality as it moves into its next phase.

1. CISPA has nothing to do with SOPA

Chances are, if you’ve read something about CISPA over the past few weeks, you probably heard SOPA, the defunct Stop Online Piracy Act, mentioned in the same breath. That’s understandable, but also unfortunate, as it has caused a great deal of confusion about what CISPA is, and why it’s problematic. (I am by no means innocent in this matter, either.)

So, here are the differences between the two: CISPA has to do with privacy. SOPA dealt with censorship. CISPA threatens our Fourth Amendment rights — the right against “unreasonable searches and seizures” — because it allows businesses to hand over a staggering amount of information about us to the federal government with impunity. SOPA threatened our First Amendment rights — the right to free speech — because it would have allowed the federal government to block access to websites using the same practices employed in oppressive regimes, like Iran and China.

The only similarity between the two is that they end in “PA” and have to do with the Internet. That’s it.

2. CISPA got better with amendments

Though some privacy and civil liberty advocates may disagree, CISPA really did improve prior to its passage in the House. A total of 11 amendments were added to the bill, some of which made positive changes to the types of information that may be shared, and how the government may legally use that information. Leslie Harris, president and CEO of the Center for Democracy & Technology (CDT), lays out the key details of these changes here.

One added provision, known as the Quayle amendment, has raised the most number of eyebrows. It outlines the purposes for which the government may use information collected from businesses. They are as follows:

  1. cybersecurity;
  2. investigation and prosecution of cybersecurity crimes;
  3. protection of individuals from the danger of death or physical injury;
  4. protection of minors from physical or psychological harm; and
  5. protection of the national security of the United States

Some CISPA critics believe this provision still grants the government too much power, because some of the purposes have nothing to do with “cybersecurity” whatsoever. And while it may be true that CISPA does give the government too much power to use information in untold ways, the Quayle amendment actual limits the government’s power more than the earlier text of the bill because it outlines exactly the ways law enforcement may use data collected under CISPA, rather than giving authorities the ability to use CISPA data however they like.

“Because the Quayle amendment explicitly proscribes all but a handful of ways in which government may use shared information, I firmly believe it’s a huge improvement over the previous language,” said Ryan Radia, Associate Director of Technology Studies at the Competitive Enterprise Institute, in an email. “The bill as passed by the full House is still very problematic, to be sure, but it’s less troubling than the unamended version thanks to, inter alia, the Quayle amendment.”

“Information shared with the government pursuant to CISPA can and will be used for purposes that have nothing to do with cybersecurity or national security,” Radia adds. “That’s extremely worrisome, to be sure. But that each of the uses listed in the Quayle amendment were already permissible under the previous version of the bill – along with any other lawful, non-regulatory government use under the sun.”

3. …But it’s still fundamentally broken

As the CDT and other critics warn, CISPA remains a dangerous bill, despite the improvements. For starters, the bill still does not provide any limits on the information shared under CISPA to be passed along to shadowy organizations, like the National Security Agency, which has essentially no public oversight. Furthermore, CISPA still allows data collected under the bill to be used for vague purposes of “national security,” a term that could mean almost anything.

Privacy advocates will push to have CISPA further amended in the Senate to restrict access to the shared data, and more narrowly define the “national security” purpose in the bill.  

4. CISPA is not the only cybersecurity bill in Congress

While CISPA has taken center stage in the cybersecurity legislation arena, it is not the only player on the court. In the Senate, two competing bills stand a chance of becoming law. The first is the Cybersecurity Act of 2012 (S. 2105), which was introduced by Sen. Joe Lieberman (I-CT), and has the backing of Senate Democrats and the White House. The second is the SECURE IT Act (S. 2151), introduced by Sen. John McCain (R-AZ).

As the Electronic Frontier Foundation notes, both bills have their own set of problems. And, as with CISPA, the problems primarily stem from the “broad language” of the bills, and how certain terms, like “cybersecurity threat” and “cybersecurity threat indicator,” are defined. Despite these potential deficiencies, neither bill has yet raise quite as much ire as CISPA.

Of the three bills — CISPA, Cybersecurity Act of 2012, SECURE IT Act — Lieberman’s bill currently stands as the pack leader thanks to its government protections for critical infrastructure networks, like electrical grids and water delivery systems (something President Obama has demanded), and for requiring that any company that shares information with the federal government must first anonymize the data — a provision CISPA clearly lacks.

5. CISPA likely won’t pass the Senate (unchanged)

While CISPA was particularly popular with House Republicans, the Democrat-controlled Senate will almost certainly require more robust privacy protections before the bill stands a chance at passage — especially considering that the Obama administration has threatened to veto the bill without certain changes that have not yet been met. In fact, according to Politico reporter Jennifer Martinez, CISPA is “basically dead on arrival” in the Senate due privacy concerns.

It is possible that we will see CISPA combined with either the Lieberman or the McCain bill, though which parts will remain is far from clear at this point. If CISPA does undergo such changes, it will have to go back to the House to be voted on again before it can be sent to President Obama. And if the bill contains any types of government regulations, House Republicans will likely shoot down the bill.

In short: The battle over CISPA is far from over, and could take a number of twists and turns before we have any sort of resolution to the matter. For those of you concerned with these bills, I recommend you prepare yourself for the long haul.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Emerging Tech

Awesome Tech You Can’t Buy Yet: inflatable backpacks and robotic submarines

Check out our roundup of the best new crowdfunding projects and product announcements that hit the Web this week. You can't buy this stuff yet, but it sure is fun to gawk!
Movies & TV

The best shows on Netflix in August, from ‘Dark Tourist’ to 'Disenchantment'

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

Amazon Prime brings more perks than just free two-day shipping. Subscribers get access to a huge library of TV shows to stream at no extra cost. Here are our favorite TV shows currently available on Amazon Prime.
Mobile

Protect your titan with the best Samsung Galaxy Note 9 screen protectors

The Samsung Galaxy Note 9 is one of this year's best phones. But what if you break the screen? Thankfully we've got the best Samsung Galaxy Note 9 screen protectors to keep that 6.4-inch screen safe.
Mobile

Swapping an iPhone for a BlackBerry made me appreciate the physical keyboard

BlackBerry is preparing to release the BlackBerry KeyTwo, a new phone with a physical keyboard. If you've never used one, and are a touchscreen typist, what would it be like to swap? We changed our iPhone to a BlackBerry KeyOne to find out.
Smart Home

4 reasons my love affair with Amazon is fizzling

I used to be an avid Amazon shopper. But some things have happened recently that’s made me question my loyalty to the retail giant. And to be honest, I’m not sure if I can trust them any longer.
Mobile

iOS 12 is more evidence you should buy an iPhone, not an Android phone

The next version of Apple’s mobile operating system, iOS 12, will be compatible with devices all the way back to 2013’s iPhone 5S. Android phones from the same era didn’t even see 2016’s software update. It’s further evidence you…
Computing

Can we get an apology? Two big MacBook fails that Apple should fix at WWDC

WWDC is just around the corner, but if you're hoping for a new MacBook Pro, don't hold your breath. Even though it'll probably only be a CPU bump, there are two significant problems with the current MacBook Pro that have been ignored for…
Smart Home

Is Apple showing up late to the smart home party, or just not coming?

Apple’s WWDC 2018 featured a lot of little announcements, but what was largely missing was news on the smart home front. Is Amazon planning on being late to the smart home party, or are they planning on attending at all?
Mobile

5 obviously stupid iPhone problems that iOS 12 doesn’t even try to fix

At WWDC 2018, Apple took the wraps off the latest version of its iOS operating system. iOS 12 introduces quite a bit of changes -- visually and under the hood -- but there are still some basics that it doesn’t address. Here are a few of…
Health & Fitness

Ugh. I’m done with fitness trackers, and so is the world

In 2016, everyone was tracking their fitness. In 2017, people grew tired of it. In 2018, I’m done with it. I’m going tracker-free in my workouts from now on.
Computing

MacOS Mojave brings evening elegance to your Mac experience

The MacOS Mojave public beta is out now, with an official release coming later this fall. Chock-full of quality-of-life upgrades, we took it for a test drive to get a sneak peek at what you can expect from the next major update to MacOS…
Gaming

Google might be planning a game console. That doesn’t mean it will happen

A new report suggests that Google is working on a game console, code-named Yeti. The reports about Google's game console are likely true, but that doesn't mean we will ever see it.
Home Theater

Why I still won’t wear wireless headphones

Wireless headphones promise liberation from cords, tangles, and snags, but there’s just one issue holding them back: battery life. And until manufacturers figure it out, sales numbers prove consumers aren’t yet biting.