Sasso reports: "Online activists who helped sink the Stop Online Piracy Act (SOPA) earlier this year have now turned their sights to a House cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA)."



File image, internet censorship. (photo: The Inquistir)

SOPA, PIPA and Now CISPA

By Brendan Sasso, The Hill

nline activists who helped sink the Stop Online Piracy Act (SOPA) earlier this year have now turned their sights to a House cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA).

In recent days, posts comparing CISPA to SOPA have received thousands of "up votes" on Web forum Reddit and have reached the front page of the popular link and discussion site.

Reddit helped rally opposition to SOPA and was one of the first major websites to declare that it would black out in protest of the anti-piracy bill. The massive Web protest, which was joined by Google and Wikipedia, caused a public outcry and forced Congress to scrap the anti-piracy bill.

Recent posts on Reddit have called CISPA the "return of SOPA," "the latest attempt by Congress to try to regulate and control the Internet" and a "draconian privacy invasion bill."

A Google search for "CISPA" now returns numerous blogs that decry the legislation as an attempt to censor the Internet. One online petition opposing the bill has already gathered more than 300,000 signatures.

But a House aide who supports CISPA said the measure has nothing to do with anti-piracy enforcement or censorship.

"There's no authority to censor or block sites in the bill," he said. "The only authority is to share information with the private sector and for them to voluntarily share it with the government. There's nothing in here that would allow you to block or shutdown a website."

CISPA, which is authored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) and has more than 100 co-sponsors, is expected to come to the House floor for a vote during the week of April 23.

The goal of legislation is to help companies beef up their defenses against hackers who steal business secrets, rob customer financial information and wreak havoc on computer systems.

"Every day U.S. businesses are targeted by nation-state actors like China for cyber exploitation and theft," Rogers said in a statement last month. “The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks."

The bill would tear down legal barriers that discourage companies from sharing information about cyber attacks. Some companies are worried that antitrust laws bar them from cooperating with each other to address cyber threats, and some fear they could be held liable if they reveal information after an attack.

Kendall Burman, a senior fellow with the Center for Democracy and Technology, said her concern with the bill is really about privacy.

She said her organization is not opposed to all legislation that encourages companies to share information about cyber attacks, but she warned that the broad language in CISPA could lead to companies handing over people's personal information to the government.

The bill encourages companies to share "information directly pertaining to a vulnerability of, or threat to a system or network." Burman argued that definition could be interpreted broadly and could include data unrelated to real cyber threats, including information about people illegally downloading movies or music.

The House aide who supports the bill said the definitions are intentionally broad so that Congress won't have to update the law every time a new technology emerges. The aide also said the bill does not cover copyright infringement.

"Some kid in the Dallas suburbs illegally downloading movies doesn't come close to our definition," he said.

Unlike other cybersecurity bills pending in Congress, CISPA does not require that companies strip out personally identifiable information, such as names, addresses or phone numbers, from the data they turn over to the government.

Burman expressed concern that the information could be shared with military spy agencies, like the National Security Agency. She argued that a domestic agency, such as the Homeland Security Department, would be more appropriate for handling cyber threat information.

"This bill drives a truck through privacy law," Burman said.

In addition to the Center for Democracy Technology, privacy groups including the American Civil Liberties Union and the Electronic Frontier Foundation are also rallying opposition to CISPA.

Burman said she is "encouraged" that people are starting to pay attention to the cybersecurity debate, and she criticized lawmakers for not taking more time to debate the measures.

"People understand that these issues matter," she said. "Congress can't regulate in a black box on something that affects the Internet like this."

But the House aide expressed skepticism that the protests will attract the same level of attention as the SOPA blackouts in January.

He said the "real muscle" behind the SOPA protests were Web giants like Google, Facebook and Wikipedia.

Most Web companies have either sat on the sidelines in the cybersecurity debate or some, including Facebook, have endorsed CISPA.

"The Internet industry loves this bill," the aide said. "They want these authorities."