April 17, 2012, 12:37 PM — Have you heard of the Cyber Intelligence Sharing and Protection Act? If not, you’re in for a crash course. Leading privacy and civil rights groups have declared this Stop Cyber Spying Week in an effort to get the word out about CISPA – yet another meaningless acronym that threatens to redefine the Internet as we know it.
CISPA could be the most important piece of digital legislation since the Digital Millennium Copyright Act. And like the DMCA, which was written to thwart file sharers and DVD rippers but ended up being used to enforce copyrights on garage door openers and shut down blogs critical of corporations, it has at least as much potential for abuse.
But let’s get a few things straight. CISPA is not SOPA or PIPA. Those two separated-at-birth bills aimed to make it harder to buy illegal knockoffs and pirated content in this country by forcing Internet providers to make those pirate domains invisible to US Web surfers.
The problems with SOPA/PIPA were that a) it was too easy to snag legitimate sites that shared the same IP address as the pirate sites, b) allegedly illegal Web sites could be taken out based on accusations alone, c) innocent sites that got snagged by mistake would have a hard time getting back online, and d) the bills would force ISPs to break the Internet’s DNS system in order to make them work, using techniques similar to those employed by repressive regimes like China and Iran. All in all, a couple of sh***y laws.
CISPA is a different animal altogether. It amends the National Security Act of 1947 to allow private corporations and US intelligence services to share intel about cyber threats – essentially breaking down the walls between the spooks and the suits.
The problems with CISPA come from the definition of “cyber threat” and the loosey-goosey rules about what information can be shared by whom.
Here’s how the law defines ‘cyber threat’:
… information directly pertaining to a vulnerability of, or threat to a system or network of a government or private entity, including information pertaining to the protection of a system or network from--
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.