It may not have made as much noise as Stop Online Piracy Act (SOPA), but you may have heard about the Cyber Intelligence Sharing and Protection Act (CISPA) bill recently, especially since it just went through the U.S. House of Representatives. After getting 248 votes in favor of it —as opposed to 168 votes against it — CISPA is now merrily making its way to the Senate. But what exactly is CISPA and why does it have its share of high-profile supporters (such as Facebook) and critics (such as the Electronic Frontier Foundation) alike?
In a nutshell, the bill would allow government agencies to request customer data from Internet Service Providers (ISPs) and websites, if the agencies think the information would help them prevent or solve a cyber security crime like hacking or network disruption. Samples of network disruption include blocking access to the internet, stopping a power supply, or taking control of a spy drone. Note that we said request not demand — federal agencies wouldn't actually have the right to force companies into giving up information. According to those in favor of the bill, it would mostly address threats coming from China and Russia.
Why CISPA is controversial
One of the main reasons why CISPA is so controversial even if it's a bill meant to tackle cyber security threats against the U.S. government, is because it's vaguely worded... and that makes it dangerous. An earlier version of the bill, for instance, defined cyber threats either as "efforts to degrade, disrupt, or destroy such system or network" or as "theft or misappropriation of private or government information, intellectual property, or personally identifiable information." The inclusion of intellectual property in the latter statement means that when the bill becomes a law, it would also apply to people who download illegal files over the internet.
A newer version of the bill, however, redefined cyber threats as "efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information," which is more faithful to CISPA's original purpose. Yet another thing that worries its critics is the part in the bill that says if ever it becomes a law, feds could ask ISPs and companies for data "notwithstanding any other provision of law." This means agencies don't have to respect wiretap laws and privacy policies, so long as the suspect is accused of a wrongdoing that could be classified as a cyber security threat.
What will happen to CISPA from here on out
The Senate is expected to assess the bill in the coming weeks, although even if it passes, it faces a huge hurdle: The White House has vowed to veto it if it doesn't go through some pretty big changes. While The White House is interested in a cyber security law, it believes Homeland Security should have a key role in enforcing it. It's also particularly concerned about the fact that CISPA would protect private companies from lawsuits if they decide to share data with federal agencies even if the affected party turned out innocent in the end.
More from Tecca: