The Old CISPA
In 2012, three pieces of USA legislation with huge potential effects on the Internet were tabled. They were the Stop Online Piracy Act, Protect IP Act and the Cyber Intelligence Sharing and Protection Act.
Of all three, the majority of publicity went to the first two. If you remember, SOPA and PIPA were stopped by a huge protest generated by internet activists. CISPA was shelved after not gaining any traction in the Senate. Even if it had passed the Senate, the White House had threatened to veto the bill anyway, due to privacy and civil liberty concerns.
The New CISPA
The new version of CISPA has undergone some changes to clean up definitions and ensure privacy is maintained. However, the language is still murky and vague and the majority of the bill is unchanged. CISPA is designed to prevent cyber attacks by obtaining and sharing “cyberthreat information”. In practice, this means private sector firms are able to access personal and sensitive data of US citizens such as emails, cloud-storage, documents and so on.
If CISPA is passed, it will override existing privacy law and provide immunity to participating companies and the US government. The data collected will be exempt from the Freedom of Information Act and other state laws that require disclosure . Once collected and passed on to the government, it can be disseminated to any agencies and used to investigate other crimes not pertaining to cybersecurity.
CISPA recently passed the House of Representatives and is headed for the Senate. If it is not filibustered there, the only hope to stop it is a presidential veto. And several of the big tech companies which opposed SOPA and PIPA are backing this bill (Full list of supporters can be found here).
The biggest impact this bill will have is on US citizens, however non-US citizens may be affected as most US companies keep their data in local datacentres. And it won’t matter to the government agencies if the data is from foreign users. Think on how many US based websites we use, and how much data we give away. It would be a treasure trove for intelligence analysts, but a deep invasion of our privacy as Internet users.