How Worried Should I Be About CISPA? Is it SOPA 2.0?

Innovation, the Internet, gadgets, and more.
April 18 2012 1:45 PM

Not Another SOPA

CISPA isn’t the Stop Online Piracy Act 2.0, but you should still be wary of the latest congressional tech bill.

Protesters demonstrate against the proposed Stop Online Piracy Act (SOPA).
Protesters demonstrate against the proposed Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) outside the New York offices of Sen. Charles Schumer and Sen. Kirsten Gillibrand on Jan. 18, 2012

Photograph by Mario Tama/Getty Images.

Three months ago, the Stop Online Piracy Act was killed by righteous, indignant Internet activists who found the legislation so menacing that they blacked out their sites in protest. Now, the story goes, SOPA is back, like a movie villain rising from the grave for a bloody sequel. CISPA, the Cyber Intelligence Sharing and Protection Act, has been dubbed “SOPA 2.0” by tech blogs, who want you to believe it’s the same devil in a new disguise.

Will Oremus Will Oremus

Will Oremus is Slate's senior technology writer.

They’re wrong. CISPA is a different devil altogether. And while it’s unlikely to provoke anywhere near the same level of outcry as SOPA, it has the potential to be insidious in its own right. The difference is that, if CISPA is abused, it won’t be the tech firms that get hurt. It will be you.

SOPA was primarily about intellectual property. The bill would have given digital rights-holders—record companies and film studios, for instance—sweeping power to go after websites that appeared to “enable or facilitate” copyright infringement. Those that didn’t comply could be blacklisted. It’s easy to see why companies like Google and Facebook adamantly opposed it. It was a broadside against the culture of free sharing that underpins their business models.

Advertisement

CISPA, in contrast, is about cybersecurity, not your bootleg copy of Avatar. Its main goal is not to protect copyright-holders’ profits, but to protect websites and the government from hackers. Early incarnations of the bill set SOPA opponents on edge with a line about protecting intellectual property. But its bipartisan sponsors, Reps. Mike Rogers of Michigan and Dutch Ruppersberger of Maryland, wisely edited CISPA last week to remove that mention. It should now be clear to all but the most paranoid that CISPA isn’t SOPA 2.0. At this point, to label it as such is to both miss the bill’s legitimate aim and to overlook the bill’s real potential harms.

So what is CISPA all about? The bill’s most important provision would protect companies from lawsuits that might arise from the confidential sharing of “cyber threat information” with the government. But what, exactly, constitutes “cyber threat information”? That’s where it gets a bit murky.

There’s a legitimate aim here to improve communication between the federal government and Web companies when it comes to hacking, whether the attacks come from the Chinese government, Anonymous, or criminal gangs. Right now, both the government and Web firms risk opening themselves to lawsuits if they divulge private information to one another. That makes it hard to track attack patterns, leaving both sides in the dark. The bill sets up a legal framework for them to do that sort of sharing without exposing the information to the public.

And that explains why companies like Facebook and Microsoft, which opposed SOPA, are backing this bill. CISPA doesn’t require Web firms like Facebook to do anything. Rather, it grants their officials special access to the government’s information on “cyber threats”—access the general public doesn’t have.

That sounds good as long as you have full faith in companies and the government not to mishandle any of your information in the name of cybersecurity. The bill’s current language authorizes the sharing of “information pertaining directly to a vulnerability of, or threat to, a system or network of a government or private entity.” Could that information include users’ names, addresses, and credit card numbers? Records of other sites they’ve visited? The bill doesn’t say. How does a company decide whether there’s enough reasonable suspicion to justify sharing a given user’s data? It doesn’t explain that either.

TODAY IN SLATE

Medical Examiner

Here’s Where We Stand With Ebola

Even experienced international disaster responders are shocked at how bad it’s gotten.

It Is Very, Very Stupid to Compare Hope Solo to Ray Rice

The U.S. Is So, So Far Behind Europe on Clean Energy

Even if You Don’t Like Batman, You Might Like Gotham

Friends Was the Last Purely Pleasurable Sitcom

The Eye

This Whimsical Driverless Car Imagines Transportation in 2059

Politics

Meet the New Bosses

How the Republicans would run the Senate.

A Woman Who Escaped the Extreme Babymaking Christian Fundamentalism of Quiverfull

So, Apple Is Not Shuttering Beats, but the Streaming Service Will Probably Be Folded Into iTunes

  News & Politics
Politics
Sept. 22 2014 6:30 PM What Does It Mean to Be an American? Ted Cruz and Scott Brown think it’s about ideology. It’s really about culture.
  Business
Moneybox
Sept. 22 2014 5:38 PM Apple Won't Shut Down Beats Music After All (But Will Probably Rename It)
  Life
Outward
Sept. 22 2014 4:45 PM Why Can’t the Census Count Gay Couples Accurately?
  Double X
Doublex
Sept. 22 2014 4:06 PM No, Women’s Soccer Does Not Have a Domestic Violence Problem Or, why it is very, very stupid to compare Hope Solo to Ray Rice.
  Slate Plus
Slate Plus
Sept. 22 2014 1:52 PM Tell Us What You Think About Slate Plus Help us improve our new membership program.
  Arts
Brow Beat
Sept. 22 2014 5:45 PM The University of California Corrects “Injustice” by Making Its Rich Chancellors Even Richer
  Technology
Future Tense
Sept. 22 2014 6:27 PM Should We All Be Learning How to Type in Virtual Reality?
  Health & Science
Medical Examiner
Sept. 22 2014 4:34 PM Here’s Where We Stand With Ebola Even experienced international disaster responders are shocked at how bad it’s gotten.
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.