CISPA Monitoring Bill: Changes Proposed, but Unlikely to Pacify Critics

Lawmakers are proposing changes to the Cyber Intelligence Sharing and Protection Act, or CISPA, that would help prevent the government and businesses from running amok with personal data. CISPA is an amendment to the National Security Act of 1947 that would allow the U.S. government and businesses to more easily share information about cyberattacks. The government would be able to share what it knows about security threats with businesses, including Web services such as Facebook. Those businesses would be able to share their own information with the government, though doing so would not be mandatory. Critics, such as the Electronic Frontier Foundation and American Civil Liberties Union, have argued that the bill's broad language opens the door for censorship -- for instance, by defining intellectual property theft as a type of cyberattack -- and doesn't put any limits on the sharing of personal data. Also, the bill supersedes any other privacy laws, and information sharing would be exempt from the Freedom of Information Act. CISPA's proposed changes are unlikely to allay those concerns. None of the bill's amendments or proposed changes would narrow the definition of a cyberattack, nor would they place restrictions on what kinds of information may be shared. (In the latest amendment, approved changes are highlighted in green, and proposals are highlighted in yellow.) Proposed changes would, however, add more liability for the government and restrictions for businesses. In one proposed amendment, the government would be liable for monetary damages if it willfully misuses shared information. In another, businesses would be prohibited from sharing cyber threat information with outside entities besides other approved businesses and government agencies. In addition, a pair of amendments approved last week call for an annual review -- but still no Freedom of Information Act disclosure -- of information sharing, and spell out that companies can't make quid-pro-quo deals with the government, where they only get information if they share back. Civil liberties groups are hoping to drum up the same type of citizen outrage over CISPA that forced the anti-piracy bills SOPA and PIPA into hiding last January. This week, 20 groups are participating in “Stop Cyber Spying Week” in protest of the bill. But this time around, advocacy groups don't have the backing of the tech community. Among the bill's supporters: Facebook, Microsoft and the wireless trade group CTIA, of which Google is a member.