A highly controversial bit of legislation passed through the U.S. House of Representatives in April after nearly seven hours of heated debate and voting on amendments. This piece of legislation is called the Cyber Intelligence Sharing and Protection Act (CISPA), and it stands to completely change the way privacy on the Internet works in the future. CISPA’s next stop is the U.S. Senate where, if passed, it will come before the President for final ratification into law.
CISPA is the third such “Internet privacy act” to come down the legislative pipeline in the last year, its predecessors being the infamous Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), both of which failed to pass the House and Senate respectively. While SOPA was directed at blocking advertisements and payment facilities from conducting business with sites that had violated copyright protection laws, and PIPA was aimed at preventing search engines from locating known overseas piracy operations, CISPA is less concerned with the protection of existing intellectual property and more interested in providing information transparency between online entities (particularly social media sites) and the government.
Under CISPA, websites such as Google, Facebook, Twitter, and others who save user information on their servers could be called upon by the government or, indeed, other such corporate entities, to share the information they have on file for any given user without needing any warrant or court order to produce it. Those companies are under no particular pressure to comply with such requests, however, and can certainly refuse the requests if they feel there is no legitimate reason to comply. Unfortunately, many of these companies have a vested interest in placating the government, and you can almost guarantee that, should CISPA pass, your information will be getting shared, with or without your consent.
Ostensibly, the reasoning behind this legislation is to combat foreign spies who steal information from U.S. databases and send them back to their home countries. By sharing information such as a user’s browsing habits, Facebook contacts, private conversation logs, and photographs, government analysts can put together portfolios and match them with known espionage patterns to crack down on the offender before more damage is done. These patterns, however, might also draw the eye of suspicion down on innocent American citizens who simply have an interest in cybersecurity, military technology, or any other “red flag items” the government may be looking out for.
To learn more about what CISPA means and how it could potentially affect your life, your business, and your rights, CNet has provided a very helpful blog entry here. A detailed breakdown of the bill itself can be seen at this website, which provides links to each individual section of the bill to be read as it is currently written. Think about the information your IT department has at its disposal and how you might respond to a “request” for this information by the government or another entity under CISPA. How do you think your company would handle it?