CISPA Resource Page
The Cyber Intelligence Sharing and Protection Act, ("CISPA") was introduced in 2011 to facilitate the sharing of cyber threat information within the private sector and between the private sector and the government. CDT and others criticized the bill as overbroad and lacking in civil liberties protections.
While the House of Representatives adopted some critically important changes before approving the bill on April 22, 2013, CDT opposes CISPA. The bill permits companies to share cyber threat information without making any effort to remove personally identifiable information that is unnecessary to describe a cyber threat and it invites companies to "hack back" by immunizing them from civil and criminal liability even if they make reckless and negligent decisions based on cyber threat information shared or obtained under the bill. Though we oppose the bill, we acknowledge a number of important changes House members made to CISPA since 2011: (1) The definition of information that can be shared by companies with the government was narrowed substantially; 2) key limits on the government's use of shared information for non-cybersecurity purposes were adopted, including deleting the provision of the bill permitting such information to be used for non-cyber national security purposes; and 3) an amendment was adopted that was intended to ensure private sector cyber threat information would be be shared with a civilian agency, not a military entity.
Below are CDT resources, listed in chronological order, that track the evolution of the bill.
April 28th - In April, the House of Representatives passed CISPA. Though fundamentally flawed, the bill is very different from when it passed the House a year ago, demonstrating the power of a growing Internet advocacy community. Two game-changing achievements stand out: First, in the face of criticism that a loophole would turn CISPA into a backdoor intelligence-gathering operation, the House Intelligence Committee amended the text to prohibit such uses. Second, an amendment was passed that affirmed cybersecurity efforts for private sector networks should be led by a civilian government agency, not a military one.
April 18th - Although CISPA was improved before passage in the House, the bill remained fundamentally flawed, and CDT reaffirmed its opposition to the bill.
April 15th - While the House Intelligence Committee improved CISPA at a committee markup, the version that went to the Floor would have shifted control of the federal government’s cybersecurity program for the private sector to the NSA, a secretive military intelligence agency. Such a shift would be a sea change in cybersecurity policy and a threat to civil liberties.
April 1st - This resource lays out the eight critical problems with CISPA that threatened civil liberties and rendered the bill unacceptable, as well as solutions for the problems.
April 1st - This redline shows how CISPA would change if CDT's solutions for the bill were adopted.
March 26th - A coalition of Internet advocacy organizations and individuals launched a week of action to oppose CISPA. The coalition believes that legislation intended to enhance our computer and network security must not sacrifice long-standing civil liberties and protections.
March 20th - CDT joined a coalition of 37 organizations in signing a letter to the White House asking it to renew its promise to veto CISPA, which it eventually did.
February 28th - Continuous monitoring is the order of the day for all information systems, including major ISPs and other service providers. Continuous monitoring is generating huge amounts of data about behavior of all networks and about the behavior of users of all networks.
February 15th - In February, House Intelligence Committee Chairman Mike Rogers and Ranking Member C.A. Dutch Ruppersberger reintroduced CISPA, the same bill that passed the House last April over the opposition of civil liberties and Internet freedom groups and despite a Presidential veto threat.
April 30th - Although CISPA remained a bad bill after passing the House in 2012, progress was made in narrowing the definition of the information that could be shared with the government. Some progress was also made on limiting the government’s use of information for non-cybersecurity purposes.
April 26th - Since CISPA was introduced, CDT consistently said the bill had three critical civil liberties problems, and we worked with Members of Congress, Internet users, advocacy groups, and industry to address them.
April 25th - The House Intelligence Committee agreed to support certain amendments that would improve CISPA in terms of privacy and civil liberties. However, the Committee-supported amendments leave two key issues unresolved - the flow of information to the super-secret NSA and the broad purposes for which that information can be used.
April 24th - This resource lists improvements supported by the House Intelligence Committee as well as fundamental flaws that remain in the bill.
April 18th - As companies and the White House pressed to fix CISPA, major privacy concerns remained unresolved.
April 16th - CDT joined a group of 34 other organizations in signing this letter to the House of Representatives asking them to vote ‘no’ on CISPA.
April 12th - CISPA is a different issue than SOPA. SOPA is about the First amendment, CISPA is about the Fourth. But they both take a legitimate problem and try to tackle it with an overbroad solution.
April 10th - The House's Cybersecurity Week need not signal open season on civil liberties and privacy. House leadership had a choice between the seriously flawed Rogers bill and the more measured Lungren bill. Once again we were told that we had to trade liberty for security; and once again, it wasn't true.
April 4th - This chart compares four cybersecurity bills before Congress, including CISPA. This chart also reflects the Lungren bill before it was marked up in committee.
March 28th - Cybersecurity bills in Congress, including CISPA, included provisions that posed major civil liberties risks.
February 2nd - Before it was amended by the House Homeland Security Committee, the information sharing provisions in the PRECISE Act, a cybersecurity bill sponsored by Rep. Dan Lungren (R-CA), offered a strong alternative to CISPA by balancing cybersecurity, industry, and civil liberties concerns.
December 1st - This is CDT's original analysis of CISPA.
- CISPA has a very broad, almost unlimited definition of the information that can be shared with government agencies and it supersedes all other privacy laws.
- CISPA is likely to lead to expansion of the government’s role in the monitoring of private communications.
- CISPA is likely to shift control of government cybersecurity efforts from civilian agencies to the military.
- Once the information is shared with the government, it wouldn’t have to be used for cybersecurity, but could instead be used for other purposes.