The House of Representatives changed, then passed, the controversial Cyber Intelligence Sharing and Protection Act, better known as CISPA, late Thursday afternoon. As the dust settles, many are wondering where CISPA stands now and where it’s headed next.
Hey Mashable, what’s CISPA?
CISPA’s designed to let private business share information about cybersecurity threats with one another and with the U.S. federal government.
If, for example, Microsoft’s cybersecurity team detects a threat that might also have an impact on Facebook, Microsoft’s team could give Facebook’s people a call without worrying about legal barriers to that kind of communication. Microsoft could also give that heads-up to the federal government, and vice-versa.
Well, that sounds fine and dandy. Why’s CISPA controversial?
Privacy and civil liberties groups argue that CISPA would allow businesses such as Facebook to give the federal government (and the intelligence community) users’ private communications and other sensitive personal data.
The two parts of CISPA these groups consider most offensive are a national security clause and a liability clause. The first, they say, would allow CISPA to be used in any case where national security is deemed at risk — a potentially broad category. The second would protect any business that shares cybersecurity information from lawsuits — including suits from users who think their private information may have been shared without justification.
That’s not so great. How’d this bill pass the House?
CISPA’s authors, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), worked with civil liberties groups and companies such as Facebook and Microsoft to try to address everybody’s concerns with their cybersecurity legislation. That means a lot of stakeholders were included in the bill, generating strong support among private firms, cybersecurity experts and Congresspeople.
CISPA had more than 100 co-sponsors and a lot of business support before it came up to a vote — a strong sign that it was well on its way to passing.
You said CISPA was amended — so it’s fine now, right?
That depends on whom you’re asking.
Many businesses and cybersecurity experts welcome the legislation, because it allows them to team up against the Internet’s bad guys — who are coordinating to launch cyberattacks every day.
However, most privacy groups aren’t sold. One amendment that would’ve removed the national security clause while ensuring civilian oversight of data shared with the government under CISPA was blocked from debate by House leadership. Some companies that once applauded CISPA, such as Microsoft, have backed away from the bill.
Other amendments which tightened up language, restricted the type of information that can be shared with the government and gave the civilian-controlled Department of Homeland Security more oversight in the data-sharing process were debated and passed, but they didn’t go far enough to win over privacy groups’ support.
What’s next for CISPA?
CISPA’s headed to the Democrat-controlled Senate, where one of two things can happen: The Senate can vote CISPA up or down as it was passed in the House, or they can amend it further.