Last week, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). CISPA would authorize Internet service providers and other companies to share customer communications and other personal information with governmental agencies. The intent of the bill is to enhance information sharing for data security purposes, however, many organizations such as the Center for Democracy and Technology and the ACLU strongly oppose the bill, and President Obama has threatened to veto it.
Critics of CISPA state that the bill is overbroad and does not contain appropriate privacy, confidentiality or civil liberties safeguards. According to the White House’s statement, "the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information." For example, CISPA could allow companies to give email communications to the government with no judicial oversight if the emails contained cyber threat information. Supporters argue that this information sharing is necessary in order to prevent cyber attacks. Initially internet companies appeared to have supported the bill, although this week Mozilla announced its opposition to the bill and Microsoft has expressed concern over the bill’s impact on personal privacy.
In addition to privacy concerns, an interesting article on Slate had another take on CISPA – that it will effectively overwhelm the government with more data than it can handle, noting that "analyzing the world’s data to identify potential cyberthreats has gone from difficult to impossible. The volume of digital information has become far too large."
CISPA now moves to the Senate for consideration, where it will compete with at least two other cyber security bills.