CISPA legislation seen by many as SOPA 2.0


In spite of their hopes, Internet activists are finding that their efforts to keep the digital world free of further regulation did not end with SOPA’s defeat.

The Cyber Intelligence Sharing and Protection Act of 2011 is working its way through Congress, and is the latest proposed legislation to raise concerns among privacy activists. Introduced in November by Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.), the stated goal of CISPA is to create new channels for communication between government intelligence entities and private firms regarding potential and emerging cyber-security threats.

The communication would deal primarily with what the legislation deems “cyber threat intelligence,” which it defines as “information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or a network of a government or private entity.”


The threats listed under the umbrella of cyber-threat intelligence include “efforts to degrade, disrupt or destroy” systems or networks, as well as “theft or misappropriation of private or government information, intellectual property or personally identifiable information.”

It’s the inclusion of intellectual property that’s a major point of contention for those looking at the bill’s broad language with a skeptical gaze. Many fear that CISPA is essentially a retooled version of SOPA, which was taken off the table in Congress after a concentrated effort by Internet giants such as Google, Wikipedia and Reddit, which either supported or held blackouts in protest of the bill.

Rainey Reitman and Lee Tien of the Electronic Frontier Foundation released a statement outlining their concerns about the inclusion of intellectual property in CISPA.

“It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.”

Its supporters paint CISPA in another light, framing it as an essential national security safeguard and a shield against the continued targeting of U.S. businesses by “nation-state actors like China,” according to Rogers.

“Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day,” Ruppersberger said in a statement celebrating the bill reaching 105 co-sponsors.

CISPA has the support of organizations that include AT&T, Facebook, IBM, Microsoft, Oracle, Symantec, the U.S. Chamber of Commerce, Verizon, with Facebook sending over a particularly supportive letter of endorsement.

The process by which CISPA facilitates information sharing revolves around the director of National Security, who would appoint members of the intelligence community as gatekeepers to weed through employees of firms seeking to link up with the government and grant security clearances as they see fit. The bill also would give the intelligence employee discretion to speed up the process.

Once given clearances, any concerns falling under the cyber-threat intelligence category that are exchanged between the government and private party would be “considered proprietary information” not to be divulged beyond the two parties without approval.

All of this sharing, as the legislation currently stands, “supersedes any statute of a State or political subdivision of a State that restricts or otherwise expressly regulates” the exchanges between the government and those it exchanges information with.

And it’s within this sharing that the key difference between SOPA and CISPA lies. SOPA was focused on establishing punitive measures, mainly through revoking domains found to be hosting copyrighted content, which in turn would make Google responsible for every music video or movie clip posted to YouTube without the expressed consent of copyright holders. CISPA, on the other hand, is focused on information being made readily available between approved entities and the government.

That distinction may explain the support of Facebook, which was one of the many technology firms opposed to SOPA. CISPA includes an exemption of liability granted to those firms taking part in CISPA’s information exchanges -- possibly freeing tech firms from the responsibility of regulating users and the danger of being taken offline for alleged copyright violations -- so long as they get approval from the government, actively divulge cyber-threat intelligence concerns and are “acting in good faith.”

And it’s the widespread distrust of these parties, both in private industry and the government, of actually acting in good faith that is driving the growing concerns over CISPA’s progression in Congress, and the nearly 600,000-person petition against it currently sitting on

To read CISPA in its entirety, click here.

Original source: CISPA legislation seen by many as SOPA 2.0