FAQ: What you need to know about CISPA
The House version of the information-sharing bill passed last week
Computerworld - The U.S. House of Representatives last week passed the controversial Cyber Intelligence Sharing and Protection Act despite opposition from privacy advocates, lawmakers and even the White House, which threatened to veto the bill if it lands on the president's desk in its current form.
Here's what you need to know about CISPA.
What is CISPA? CISPA is short for the Cyber Intelligence Sharing and Protection Act (H.R. 3523). U.S Reps. Mike J. Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.) introduced the bill in the House in November. The bill is designed to bolster cybersecurity by enabling better information sharing between Internet companies and the government. An amended version of the bill passed the House by a 248-168 vote Thursday.
What sort of information sharing? CISPA would allow Internet companies, such as Internet service providers, to monitor their networks and to collect, analyze and share information on any user activities that they believe present a threat to their networks. The law would allow companies to share any information "pertaining to the protection" of their networks with the National Security Agency and other federal agencies. In return, federal agencies would share both classified and unclassified cyberthreat information in their possession to help Internet companies bolster their defenses against cyberthreats.
Who supports CISPA? CISPA has broad support from many technology companies, industry trade groups and lawmakers who say that information sharing is vital to cybersecurity.
Why do privacy advocates and rights groups oppose the bill? Organizations such as the Electronic Frontier Foundation, the American Civil Liberties Union and the Center for Democracy and Technology say the bill is dangerous because it is too vaguely worded. They worry that the bill would allow Internet companies to collect an almost unlimited set of information about Internet users and would allow the companies to share the information with government agencies such as the NSA, without judicial oversight. The law would also allow Internet companies to use a "cybersecurity exception" clause to skirt the privacy protection provided by statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.
What do you mean by vaguely worded? Critics claim the bill uses loose language to describe cyberthreats, network security attacks, countermeasures, cybersecurity systems, and other crucial terms. They claim the ambiguity can create big problems. For instance, CISPA offers no clear explanation of what activity defines a cyberthreat, although companies would be allowed to monitor and share information about those activities. The language would also allow companies to collect information on almost all Internet communications, and justify it on cybersecurity grounds. Even innocuous activity such as using a proxy server or an anonymizer could be deemed a suspicious activity under CISPA.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Gov't Legislation/Regulation White Papers | Webcasts