The U.S. House of Representatives passed the Cyber Information and Security Protection Act late Thursday despite concerns over user privacy, the specter of SOPA/PIPA, and a veto threat from the Obama administration. The idea behind CISPA is to empower the government and corporations to work together to better protect American infrastructure from foreign attacks. But many civil liberties groups say the bill is too broad and threatens user privacy.
The Center for Democracy and Technology said it is “disappointed that CISPA passed the House in such flawed form.” And the Electronic Frontier Foundation condemned the vote, saying it “would allow companies to bypass all existing privacy law to spy on communications and pass sensitive user data to the government.”
There’s little doubt that online security is a serious issue for large corporations. Recent reports of online security breaches have involved such high-profile targets as Google, security firm RSA, Verisign, and credit card processing company Global Payments. But whether CISPA is the right legislation to tackle those concerns is hotly debated.
So what is CISPA? Should you be concerned about this legislation? Here’s what you need to know.
What Does CISPA Do? (view infographic (NCTP post))
CISPA allows the government to share classified information about security threats with select American companies. These corporations can then use that information to better protect their infrastructure such as computer networks containing intellectual property and trade secrets. The bill also allows corporations to share information relating to cyber security with the authorities and protects those companies against privacy lawsuits. Critics say an Internet Service Provider would be free to share a customer’s private communications such as e-mail and instant messages without a court order if the information related to a cyber security concern.
CISPA allows this information to be used not only to protect against cyber attacks, but also to protect individuals from bodily harm, protect children from sexual exploitation, and for general American national security.
CISPA would shield companies from privacy-related lawsuits brought by customers. And corporations could share information relating to cyber security with each other without fear of the government bringing an antitrust suit against them.