On Thursday 26 March, the Republican-dominated House of Representatives approved the Cyber Intelligence and Sharing Act (CISPA). CISPA follows, but is distinct from, the Stop Online Piracy Act (SOPA), which was met by widespread protest, perhaps most notably from Wikipedia, and ultimately stalled. One of the authors of the bill, Republican representative Mike Rogers, has said that the goal of the bill is to protect the US’s intellectual property (IP). CISPA broadly aims to allow the Government and the private sector to identify and share threat information for the purpose of national security. The term ‘Cybersecurity Purpose’ is defined in the bill as:
the purpose of ensuring the integrity, confidentiality, or availability of, or safeguarding, a system or network, including protecting a system or network from— (A) efforts to degrade, disrupt, or destroy such system or network; or (B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
Unlike SOPA, CISPA has received wide support from technology companies including Facebook and Microsoft as well as technology trade associations, including TechAmerica, who ‘applaud’ the CISPA framework for recognising that the cyber problem is shared by both government and industry. They see it as a move toward the timely sharing of threat information. Similarly, Joel Kaplan of Facebook noted it imposes no new obligations to share data with anyone, and would allow the company ‘to continue to safeguard user information.’
However, like SOPA, CISPA has come under fire from privacy advocates. Amongst those, the American Civil Liberties Union has argued the bill is overly broad in its language, with the implication that it could transcend existing privacy law. More significantly, the Obama administration has issued a veto threat stating that it ‘strongly opposes’ CISPA in its current form, noting that ‘cyber security and privacy are not mutually exclusive’ and information-sharing alone is not enough to protect America’s critical national infrastructure.
The Act still has to be approved by the Democrat-dominated Senate, which, given the Obama administration’s opposition, appears unlikely, at least without heavy revision. As such, it does not seem that the CISPA bill will be passed. However, there is a definite appetite for information sharing and cyber security legislation, with the Senate drafting its own legislation in this area. While it may not be CISPA, some legislation in this area is likely to appear soon. Ideally this legislation will help facilitate the effective sharing of threat information to allow industry and the Government to effectively mitigate cyber threats.