What is CISPA?

An acronym for the Cyber Intelligence Sharing and Protection Act.



In January 2015 the House reintroduced CISPA again. This is actually CISPA’s third time being proposed by Congress. The proposed Act dates back to 2011, when it was introduced; the bill passed the House of Representatives in 2012 but not the Senate. CISPA was proposed again in 2013; it again passed the House but then died before it could be voted on in the Senate.

CISPA 2015 has now been referred to the House Committees on the Judiciary, Armed Services, Homeland Security, and Intelligence to see if it will come to the House for a vote.

CISPA is a bill designed to help companies (like Sony) fight cybercrime and hackers.

To do this, the bill allows the federal government to pass specific, classified information about would-be hackers and other attacks directly to companies. That, in and of itself, is not necessarily a bad thing.The very bad thing here is that the bill also “allows” companies to pass information that it gleans about “cyber threats” to the federal government, meaning information about its users.

A “cyber threat” is classified extremely broadly, meaning that someone who sends a spam email (even if they were hacked or phished themselves) could have their information sent not only to the federal government, but to state and local law enforcement, as well.

Finally, there is company liability protection built into the bill, meaning that if, say, Facebook were to wrongly send your information to the government, the company cannot be held liable.

“CISPA would encourage the open sharing of personal data with nearly no privacy protections—a profound abuse of users’ rights,” – Drew Mitnick (a lawyer with Access, a civil liberties organization).

CISPA stands for The Cyber Intelligence Sharing and Protection Act, a network and Internet security bill written by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD).

House Democrat, Representative Dutch Ruppersberger, has decided to re-introduce CISPA after the Sony hacks, which the US government blames on North Korea.

The bill purports to allow companies and the federal government to share information to prevent or defend against network and other Internet attacks. However, the bill grants broad new powers, allowing companies to identify and obtain “threat information” by looking at your private information. It is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws.