A new cyber-security bill in the House, CISPA, is so broadly written that it would allow companies to share all kinds of customer data with the government and other companies, without regard for privacy considerations. Activists are calling it the next iteration of SOPA, but are having trouble drumming up the outrage

The Internet has found a new enemy, in form of cyber-security legislation that has wide-ranging privacy implications. As far as the cyber-activists are concerned, the latest bill, CISPA, is worse than .

As a refresher, SOPA, or Stop Online Piracy Act, was introduced in a sub-committee at the House of Representatives last fall. Despite tech giants such as Google and Facebook opposing the anti-piracy bill’s draconian measures which could curb innovation and restrict speech on the Web, it seemed on track to be approved in committee and to reach the House floor for a full vote by January or February. PIPA, or Protect Intellectual Property Act, was the Senate counterpart and had actually been approved by the committee back in May. After an launched by online encyclopedia Wikipedia, link sharing site Reddit, and hundreds of other sites, the bills’ supporters .

The Cyber Intelligence Sharing and Protection Act, or CISPA, focuses on defending companies from cyber-attacks and theft. While SOPA focused on giving broad tools to copyright holders and law enforcement authorities to go after pirates and copyright infringement, CISPA addresses how information would be shared between private companies and the government to catch malicious actors breaching networks to steal information or sabotaging systems.

“A bill to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cyber-security entities, and for other purposes,” the bill said.

CISPA's Supporters

CISPA, if passed, would amend the 1947 National Security Act to allow the Director of National Intelligence to define how classified information would be shared. The bill does not specify which agencies Internet service providers would disclose customer data to, but there is a “very real possibility” that it could go to the National Security Agency or the Department of Defense’s Cybercommand, according to the Center of Democracy and Technology.

Cyber-activists began drumming up opposition to the bill over the weekend, through a threat on Reddit, an online petition on Avaaz.org, and flurry of Twitter posts. However, the battle against CISPA is dramatically different from what happened with SOPA and PIPA. This time, a lot of the corporations are not on their side.

Social media sites, telecommunications companies and tech giants, including Facebook, Microsoft, Verizon, Intel, IBM and AT&T, have publicly stated their support for CISPA.

Rep. Mike Rodgers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) introduced CISPA, framing the bill as a way to protect American intellectual property from state-sponsored digital theft of intellectual property.

“Every day US businesses are targeted by nation-state actors like China for cyber exploitation and theft. This consistent and extensive cyber looting results in huge losses of valuable intellectual property, sensitive information and American jobs. The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks,” said Rogers in a statement published on his website.

Problems with CISPA

However, the broad language means there is no explicit restriction about the type of information being shared between government and companies, so long as it could somehow be linked to cyber-threats. That’s very worrisome on privacy grounds, since it makes it easier for companies to hand over any information the government asks for and not worry about getting sued by irate users.

Privacy and online speech advocate Electronic Frontier Foundation attacked the proposed bill last month, claiming that it unfairly targets anti-government whistleblower sites. “The language is so broad it could be used as a blunt instrument to attack Websites like The Pirate Bay or WikiLeaks,” wrote EFF’s Rainey Reitman.