Today I listened to a podcast on Tech Talker by Eric Escobar
titled "What is CISPA." (http://techtalker.quickanddirtytips.com/what-is-cispa.aspx) Eric begins by giving a short overview of
what CISPA is. CISPA is the Cyber Intelligence Sharing and Protection Act. Eric
then explains that the bill was designed to allow better communication between
the U.S. government and private companies such as Google, Facebook, Yahoo, etc.
by allowing this communication to be used to aid in stopping cyber-attacks. To
accomplish this there would be open communication between the government and
companies. The government could notify companies if they detect an attack that
might take down their website. Also companies could notify the government if
they notice unusual activity on their networks that might suggest a cyber-attack.
This would allow for a quick response when dealing with cyber-attacks.
Eric goes on to state that the bill sounds good and then he
points out that there are vaguely written parts of the bill. Those parts of the
bill that are vaguely written would allow companies to share user information
directly with the government. Information such as what is found in the cloud,
email, and Facebook could possibly be read by the government without a warrant.
You won't be notified when your data is given away and thus you won't know if
your data had been given away. Companies would be protected from legal
consequences that would result from sharing the user data. Eric admits that
this is a worst case scenario but says it is all possible within the scope of
the bill.
Will CISPA become law? When compared to SOPA and PIPA, CISPA
is not facing quite as much opposition. That is because it is designed to fight
cyber threats that cost companies large sums of money. Several large companies
such as AT&T, HP, Comcast, and Verizon are supporters of this bill. CISPA
made it through the House of Representatives but has not made it through the
Senate. Without making it through the Senate, CISPA will not become law.
Eric explains that he's not against laws that would help
govern the internet, but believes that this bill went too far since it has the ability
to infringe too far into personal information collected from users of the
internet. He then says that he would like to see a bill passed that respects
the privacy of U.S. citizens by requiring warrants, notifications, and
transparency in the process of sharing personal information.
While I agree with this bill based on the belief that its
intention was to help the government, companies, and the public, I also believe
that some changes need to be made before it should be made law. Plans need to
be made to amend the bill to address many of the concerns of its opponents.
Issues that need to be addressed include the following:
- limiting
its scope to a narrower definition of cyber-threats
- stating
that the theft of intellectual property refers to the theft of research
and development
- penalties
if private companies or the government uses data from CISPA for
purposes unrelated to cyber threats
By addressing opponent’s complaints, support for the bill
should grow. The bottom line is that laws do need to be passed to help govern
the internet and to make it a safer place.
