The Cyber Intelligence Sharing and Protection Act of 2013, co-written by Rep. Mike Rogers (R-MI), and Dutch Ruppersberger (D-MD), purports to address the lack of legislative grounding for cybersecurity efforts in the U.S. by giving companies the ability to “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company. Companies would then be allowed to share this “threat information” with the government for “cybersecurity purposes”.
The bill has not seen the massive public and corporate resistance that met with last year’s attempts to pass anti-piracy/intellectual property legislation in the form of the Stop Online Piracy Act (SOPA), and the Protect IP Act (PIPA). The public, along with a myriad of organizations of all stripes, as well as leading companies like Google (GOOG) and Facebook (FB) were in unison in opposing those measures, and to great effect since neither of them were passed.
The response to CISPA, on the other hand, has been more complicated. The bill is opposed by the most reputable civil-liberties organizations, along with a raft of other civil society groups, think tanks, and so on, including the ACLU, the Electronic Frontier Foundation, the Cato Institute, the American Library Association, the Republican Liberty Caucus, and Reporters Without Borders.
Even the present White House has threatened to veto the legislation, declaring that it would not support any bill that would “sacrifice the privacy of our citizens in the name of security”.
Concerns about CISPA relate to the bill’s imprecise wording, combined with the latitude it gives to both private companies and the federal government to access and use the private information and/or data of individuals.
It is feared that the wording of the legislation allows for broad enough interpretation that terms such as “cybersecurity” and “cyber threat” could be interpreted to mean just about anything of which a given company, or the federal government, does not approve.
Furthermore, companies that decide to share personal information, such as the contents of emails, with concerned third parties, such as the federal government, would be more or less immune from any sort of legal consequences, unless it could be somehow proven that they did not act in good faith. The most controversial provisions of CISPA would go on the books “notwithstanding any other law,” in other words overriding all currently existing privacy-protection legislation, including the Freedom of Information Act.
Assuming the worst-case scenario, it is not difficult to understand opposition to the legislation. On the other hand, while the rejection of SOPA and PIPA was fairly vocal and ubiquitous, private-company opposition to CISPA is conspicuously absent.
In fact, the House Intelligence Committee has posted the letters of support it has received from different companies and groups on its website. Among these are business organizations, such as the chamber of commerce, but also major companies like AT&T (T), Boeing (BA), Century Link (CTL), Juniper Networks (JNPR), Motorola Solutions (MSI), Time Warner Cable (TWC), and Verizon Wireless (VZ).
Facebook, while not openly in support of CISPA, did support an earlier version of the bill introduced last year, and while it objects to the sharing of its users’ personal information, does claim to see the need for some of the legal framework that is being proposed.
TechNet, a trade association representing the most prominent tech companies, such as Apple (AAPL), Google (GOOG), Yahoo! (YHOO) and others, has even written a letter in support of the bill. And surely, it makes sense that tech companies, and others who rely on the internet for their business, would want to safeguard their livelihood.
In the meantime, resistance to the bill beyond civic organizations and the internet savvy portion of the populace has faltered. Last year, the hacker collective Anonymous called for an internet blackout on the part of companies who stood in opposition to SOPA/PIPA. The call was widely heeded, and the effect was powerful.
This time around, CISPA legislation may shipwreck not because of popular opposition, which is still substantial (though Anonymous’s calls for another blackout this last Monday went embarrassingly unheeded), but rather, due to the fact that the Senate is currently far too preoccupied with the twin controversies of gun control and immigration reform to take on another issue.
Either way, CISPA is perceived by many businesses as being in their best interest, in a day and age when just about any real-time threat can also be reproduced on the internet.