NEW YORK – Almost no one had read the Cyber Intelligence Sharing and Protection Act (CISPA) before it was rushed through the United States House of Representatives in late April and sent to the Senate. CISPA is the successor to SOPA, the “anti-piracy” bill that was recently defeated after an outcry from citizens and Internet companies. SOPA, framed by its proponents in terms of protecting America’s entertainment industry from theft, would have shackled content providers and users, and spawned copycat legislation around the world, from Canada and the United Kingdom to Israel and Australia.
Now, with CISPA, the clampdown on Internet freedom comes in the guise of a bill aimed at cyber terrorism that should give Internet entrepreneurs – and all business leaders – nightmares. And yet, this time, major Internet and technology companies, including Facebook and Microsoft, supported the bill, on the grounds that it would create a clear procedure for handling government requests for information. Microsoft, at least, belatedly dropped its support after recognizing that the law would allow the US government to force any Internet business to hand over information about its users’ online activities.
But the bill is far more alarming than that. For example, “the head of a department or agency of the Federal Government receiving cyber threat information…shall provide such cyber threat information to the National Cybersecurity and Communications Integration Center of the Department of Homeland Security.” No actual threat need be made. And what counts as “threat information” is defined so broadly that it can mean anything. “Notwithstanding any other provision of law,” the government may rely on “cybersecurity systems to identify and obtain cyber threat information.”
The vague concept of “cyber threat information” does not just let DHS investigate anyone. By including information pertaining to “a vulnerability of a system or network of a government or private entity,” and the “theft or misappropriation of private or government information, intellectual property, or personally identifiable information,” the bill appears to target whistleblowers and leakers, and threatens investigative journalism.