It’s a completely different issue [than SOPA]. This is about government monitoring. [SOPA] is about the First Amendment, [CISPA] is about the Fourth, but they both take a legitimate problem and try to tackle it with an overbroad solution.
The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”
Yes, intellectual property. It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats.
The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.
Auerbach and the EFF agree there may be need for legislation or at least congressional discussion on the topic, but remain unconvinced this bill is necessary:
There is a real debate to be had about what measures should be deployed. But there’s no real evidence to say we need this bill.
The analysis by Reitman and Tein concludes:
Congress is intent on passing cybersecurity legislation this year, and there are multiple proposals in the House and the Senate under debate. But none is as poorly drafted and dangerously vague as the Rogers bill. We need to stop this bill in its tracks, before it can advance in the House and before the authors can negotiate to place this overbroad language into other cybersecurity proposals.