On April 26, 2012, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). According to the bill sponsors, CISPA is an essential update to the National Security Act of 1947 that adds provisions allowing for information about “cyber threats” to be shared between the government and private industry. The bill loosely defines “cyber threats” as potential vulnerabilities to government or private networks, including risks associated with efforts to disrupt those networks or steal intellectual property or personally identifiable information. Under CISPA, the government would act as a central information clearinghouse for cyber threat information collected across the country.
CISPA has been referred to by privacy alarmists as SOPA 2.0 (we all remember SOPA, right?), but such a characterization is lazy. Both bills are similar in that they are ultimately concerned with stopping illegal online activities; however, unlike SOPA, which was ostensibly aimed at stopping illegal downloading of copyrighted content, CISPA is designed to create an information exchange between the government and private industry to share cyber threat intelligence. Few would argue that monitoring and sharing information about attacks and threats of attacks on the networks that underpin our economy is not an important objective. Where CISPA raises privacy concerns is in the details of how the information is to be shared. The bill allows companies full control to determine how much information they share with the government. In the event the government has some information an individual company needs regarding a potential threat, the concern is that the government could use that leverage to require more information from the company than it otherwise would be willing to share.
Privacy advocates’ concerns over the method and breadth of the data sharing has been echoed by the White House in a threat to veto CISPA as currently drafted. As a result, CISPA likely will see some revisions in the Senate, where it will be considered along with Senator Lieberman’s Cybersecurity Act of 2012 and Senator McCain’s SECURE IT bill.
About the author
Andrew Martin:
As an associate attorney with extensive prior experience advising information technology start-ups, Andrew’s practice focuses on finding solutions for his clients’ intellectual property issues. Due to his extensive experience in the software and technology industries, Andrew understands both the practical and legal issues involved in IP licensing agreements and disputes. In addition to licensing, Andrew helps his clients find new ways to use existing technologies to assist his clients in areas such as data privacy compliance. Andrew uses his diverse background which includes founding a record label and working for a world-wide concert promoter when counseling the firm’s entertainment clients.
Get in touch: amartin@scottandscottllp.com | 800.596.6176