On Thursday the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) despite continued controversy regarding privacy concerns and even a threat of veto from the White House.
The measure, which was approved by a 248-168 vote, would make it easier for the federal government as well as corporations in the private sector to share cyberthreat data with one another.
Less than a day after the passage in the House, battle lines were already being drawn, as groups such as the Electronic Frontier Foundation and ACLU vowed to continue to fight the bill as it headed to the Senate.
“CISPA is simply an overreach, done in a way that gives companies a business interest to lend their support,” said Jim Purtilo, associate professor in the computer science department at the University of Maryland. “I think we need to be looking at serious balancing acts.”
Replay of SOPA
Critics of the bill have compared CISPA to the Stop Online Piracy Act (SOPA), which failed to pass the House earlier this year.
“These are similar in the general intent,” Aram Sinnreich, assistant professor of journalism and media studies at Rutgers University, told TechNewsWorld. “These both limit privacy on the Internet and give companies and the government greater power to track what individuals are doing online. These really are censorship acts.”
The intent of SOPA was to create a blacklist of websites, which an ISP would use to prevent access.
“CISPA is much more dangerous,” added Sinnreich. “It gives large corporations and the government the ability to spy on users’ online activity without their knowledge or consent. Moreover, it uses a specific clause that makes whatever laws passed in the past ensuring privacy irrelevant. Essentially it unilaterally destroys privacy protection.”
It could in essence turn corporations into watchdogs for the government, according to critics.
“CISPA would remove liability for a corporation’s disclosure of someone’s personal information to the government, even if unconnected with some cyber incident,” Purtilo told TechNewsWorld. “As a practical matter, this creates an incentive for companies to aggressively contribute extensive user data for government use, since while there is no downside to giving it up, there could be a perceived liability to having possessed information which was not shared yet later found to have been tied even tenuously with some incident. For their own safety, participating companies would surely have to err on the side of giving the feds everything.”
Corporate World on Board
In part because companies might want to stay on the side of caution, there has not been the same level of opposition to CISPA that there was with SOPA. Fewer corporations oppose this bill, while many even support it.
“Unlike SOPA, this one has a lot of supporters,” said Sinnreich, noting potential opportunities it could provide. “It could open the door for companies and give them carte blanche to share user information. This could be a way for a new wave of data mining, among other things.”
The Next Move
Though the bill has passed the house, the next step is the Senate. But even after that, it could be a long way until it becomes law. Even that might not be the end of it.
“The chances of support of it are higher than it was with SOPA,” said Sinnreich. “President Obama has threatened to veto it in its current state; however, it is reasonable to assume that if there are revisions or if it is streamlined that it could be passed into law.”
After that, said Sinnreich, it likely could be challenged in the Supreme Court, though he stressed “that is five chess moves down the line.”
And with each of these moves awareness grows. This could certainly determine how it plays out.
“Media coverage plays a big part in consumer attention towards privacy controls,” Josh Crandall of NetPop Research told TechNewsWorld. “Consumers must be aware of how companies and the government store and use personal information. From civil liberties to the companies we decide to rely on, the issue of privacy will become more pronounced as we continue to shift our lives online.”
CISPA is not the only cybersecurity bill currently being addressed in Congress at present. The issues of privacy and corporate interests will likely only get more complex.
“A company’s interest in protection from liability is completely understandable since the legal framework around cyberspace gets more complex each day, but this protection comes at the expense of liberty,” emphasized Purtilo. “An individual’s personal information — and perhaps a broad view of what this is, in light of the bill’s expansive scope — could be given to the government without commensurate control.”
Given the growing debate, this likely is just the beginning. The balance between security and privacy will likely only become more complex with the reliance on technology in the digital age.
“The capper to this of this is that these issues are not going to go away,” said Sinnreich. “Where do we draw the line between security and digital freedom? That is an issue we will continue to grapple with, and there is no easy solution that we can make.”