Last Thursday, the U.S. House of Representatives passed the controversial Cyber Intelligence Sharing and Protection Act known as CISPA by a margin of 288 to 127. Since then, the bill has garnered a bevy of criticisms from within the House itself, civil liberty activists and cyber privacy activists, including the hacktivist group Anonymous.
Those who criticize CISPA have a distorted view of the purpose of the bill and the amount of power that any federal agency would gain from it.
CISPA does not give any agency in the federal government the right to demand any cybersecurity information from any private entity or network. Rather, the bill clearly states that, in the event of a cyberattack, private entities can share relevant information with the federal government. All information received would go through the proper procedures drawn out in the bill and the government would then disseminate that information with the intelligence community.
The bill does have one ulterior flaw that failed to be remedied by House members before the vote last Thursday and may make it dead on arrival when it reaches the Senate later this week. Though the bill ensures that all information collected must be relevant to a cyberattack, the information requested has the potential to be incriminating and is garnered without a warrant or judicial oversight.
But this argument ignores the provisions of the National Security Act of 1947 that gives the executive branch warrantless access to information regarding a national security threat including the ever-growing threat of cyberattacks.
Detractors believe that giving the government power to collect information from private companies would mean that it would have control over a vast database of information that it could fish through in order to incriminate anyone that violates any crime. Though this would be true regarding information that the intelligence community found on the cyberattack that it was investigating, it would not be true of any other crime brought up through the given information.
The purpose of CISPA is to encourage private sector Internet providers, utilities companies and cybersecurity companies to share intelligence information with the federal government about cyberattacks and cyberattack prevention. It is not a ploy by the federal government to obtain private information for nefarious purposes. The bill clearly states criminal penalties on those who disregard the procedures of the bill and misuse the information. The bill even adds an amendment to the Freedom of Information Act to ensure that any private information received is not disclosed to the public.
But CISPA detractors view any amount of government intervention in private sector cyber activities as an unjust overreach of federal power. But, in reality, the justifications of the bill outweigh the cynical view that the government is out to control and investigate all law-abiding citizens.
The CISPA bill is not going to give the government any excess of power over American citizens that it does not already have. We should trust that the government is working within the parameters of the Constitution and allow bills like CISPA so the government can ensure the security of the Internet.