- Extend the National Security Act to cover "cybersecurity" threats, loosely defined.
- Allow US intelligence services and private companies to monitor and collect information we users place on the Internet, including emails, text messages, VOIP calls, web sites we visit, etc.
- Allow US intelligence services to legally share the data gathered with private companies, and allow private companies to share data they collect with US intelligence services.
- Allow private companies and/or US intelligence services to block or even modify data sent over the Internet.
Originally CISPA included “theft of intellectual property” in its definition of cybersecurity threats. That made it an effective tool for the US government to go after file-sharing sites and copyright violators. That language was removed under pressure from advocacy groups, but the remaining language is so vague that it leaves open the possibility of defining at least some violations of IP law as "cybersecurity related".
It is interesting to consider that a site such as Wikileaks might fall under the definition of a cybersecurity threat in CISPA. One wonders if that is what the US government really wants to shut down: the exposure of embarrassing truths on the Internet?
We at Gandi are a multi-cultural, multi-opinionated team of Internet experts. Unlike the bill's sponsors (which include AT&T, Facebook, and Google) we do not think that CISPA is the right approach to stopping cyber attacks on government agencies and private companies. We get our fair share of attacks, and trust us, we don’t like it, but what is the real price of fighting these bad actors with laws? We feel the comprehensive nature of the CISPA legislation offers a bazooka-to-swat-a-horsefly approach, and bazookas always cause collateral damage. We know what that phrase means from the Bush era: innocent people getting hurt. That price is too high. Try again, US lawmakers. You can do better (See Cybersecurity's 7-Step Plan for Internet Freedom, from the Center for Democracy and Technology, for example).
Read the bill! Form your own opinion and share it! Do you agree with us? Take action with the EFF, or Avaaz.
UPDATE: 5/17/2012: CISPA Passes the House of Representatives, heads to an uncertain future in the senate, and a veto threat from Obama. See this link.
UPDATE: 8/9/2012: CISPA has been rejected by the Senate 52-49, on August second. We expect it will return, possibly with another name, in the next session, so our work in opposing legislation that restricts our rights to free speech is far from over.
We want to hear your thoughts. Do you care what your registrar and web host has to say about these repeated legislative assaults on internet users? How important are these issues to you? Let us know in the comments.