Guest Article – Is CISPA a New SOPA?
Dan says: A lot of people have started bringing CISPA to my attention. I’m about to release a new single which I’ve been planning for ages, so my mind is focused on that for the next couple of weeks. In the meantime, Imogen Reed drops some facts for you…
Is CISPA a New SOPA?
CISPA is the Cyber Intelligence Sharing and Protection Act, due to be put to Congress at the end of this month. Some campaigners are claiming that CISPA is as bad as SOPA, and are planning a similar day of action to the SOPA internet blackout, that successfully killed that bill. There is lots of rhetoric flying around the internet about CISPA, both from those who support CISPA and claim it is not another SOPA, and those who say it is just as dangerous. Who is right, and what is CISPA actually trying to do?
What is CISPA?
The Case For
Those in favour of CISPA argue that it is essential to prevent hacking. As it stands, the government knows what it needs to do to stop hackers, but it is legally unable to take action, as sharing information about cyber-threats is illegal. They say that there are privacy measures built into the bill, and that it does not pose any threat to ordinary citizens. It is, they say, limited and only allows the sharing of very specific data: that is, data that relates to specific threats. CISPA’s proponents say that is ‘nothing like SOPA’ as has been claimed by many of those against it.
The Case Against
CISPA is nothing like SOPA, in the sense that it is a different bill aimed at a different group of people. The problem with CISPA comes not in what it does say, but in what it does not. That makes it very much like SOPA in some ways. What CISPA does is give the government significant control over the internet. The actual wording of CISPA says that it is aimed at protection against ‘efforts to degrade, disrupt, or destroy such system or network; or theft or misappropriation of private or government information, intellectual property, or personally identifiable information.’
The difficulty with that wording is that it is very broad and vague. While it might be aimed at preventing breaches of security, the wording actually used in the bill does not exclude it being used much more broadly. In theory, CISPA would mean that the government could spy on any kind of private data. Private communications including emails could be intercepted if the government could make a claim that they were doing so in order to combat a security threat. Companies could choose to monitor private data wholesale, collect it and give it to the government, provided they claimed that they believed that doing so would help combat a security threat. That is the problem with CISPA: it is just not specific enough.
To work out exactly how CISPA might affect people and companies, we need to look at how a ‘security threat’ might be defined. The government is not likely to claim that something is a security threat without being able to provide some basis for their claim. However, it is not hard to see how they would be able to make such a claim against a website like Wikileaks for example. File-sharing websites could also be under threat. In other words, it is possible that CISPA could be used in exactly the same way as SOPA had been intended to be used: to target websites that are thought to breach intellectual property rights.
We do not know exactly how CISPA will be used in practice, if it is passed. It does not give the government the extensive powers to shut down domains that SOPA would have done, and it is not specifically targeted at online piracy. However, it does seem to be very flawed. If it is really only intended to allow the government to catch hackers, why is the language it uses so broad? CISPA is certainly one to watch, and one to fight against.