A bill similar to the Stop Online Piracy Act (SOPA) — which was postponed earlier this year following significant public backlash and scrutiny — is being introduced by Rep. Michael Rogers (R-MI) and sponsored by 106 House members. Already, Rep. Rogers’s Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) is receiving significant criticism. Per the Electronic Frontier Foundation:
Under the proposed legislation, a company that protects itself or other companies against “cybersecurity threats” can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company under threat. But because “us[ing] cybersecurity systems” is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a “cybersecurity threat” would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in “good faith.”
EFF staff technologist Dan Auerbach says CISPA and SOPA are separate bills with separate issues. He claims there were a great many First Amendment issues with SOPA, but believes CISPA has Fourth Amendment problems. Auerbach described three major concerns with CISPA:
First, the definitions are too vague in the bill. With vague definitions come a lot of wiggle room for both the government and companies, both in terms of monitoring and countermeasures (for cyber security threats). It’s hard to know what [the government's] actual plans are, and the reason it’s hard to know is it’s so damn vague.
Auerbach’s second concern: CISPA would grant total immunity to internet service providers and cable and telephone companies who share information with government agencies, “notwithstanding any other law.” Users would have no recourse if their privacy was violated.
His third concern: the bill would give authority for gathering “cyber intelligence” over to the super-secretive National Security Agency (NSA):
It puts not a civilian agency in charge, but the NSA. The dangerous part about putting the NSA in charge is that NSA is a spectacularly non-transparent agency.
Auerbach told PJ Media that there has been some talk by Congress of amending the bill to put the Department of Homeland Security (DHS) in charge rather than NSA. But Auerbach says that’s a distinction without a difference, as there’s nothing stopping DHS from promptly passing the information along to NSA.