CISPA, Revisited

On Thursday, April 18, 2013, the US House of Representatives voted 288-127 to approve the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cyberthreat information-sharing bill. The bill allows US intelligence agencies to share cyberthreat information with private companies. It also shields private companies that voluntarily share cyberthreat information with each other and with government agencies from privacy lawsuits brought by customers. This article takes a closer look at the CISPA debate from the perspective of supporters and opponents.


The CISPA is touted to help protect the US against cyberattacks from China, Iran and other countries. Proponents of the CISPA – mainly large corporations, such as IBM, Verizon and Google – argue that the bill will help America defend itself against attempts by hackers to penetrate vital infrastructure and access companies’ intellectual property.

A major component of the CISPA encourages intelligence-sharing. Companies often remain hush-hush about cyberthreats because they fear that sharing the details may land them in legal hot water. The bill encourages companies to be more forthcoming with their information by offering an exemption from civil and criminal liability when gathering and sharing data about cyberthreats.

Supporters argue that the bill strikes a balance between privacy concerns with the need for security. They argue that rogue nations and independent groups are taking aggressive measures to attack the US power grid, air-traffic control systems and customer financial data. According to Representative Dan Maffei,

“Every day, international agents, terrorists and criminal organizations attack the public and private networks of the United states. While I do always have some concern that the US government may access our private information in the cyber sphere, I am more concerned that the Chinese government will access our private information.”


Although the goal of sharing information may seem positive, the problem is that the bill is rather vague about what sort of information on cyberthreats may be shared. Potentially, everything from emails to medical records could end up being shipped to intelligence agencies, even if it is not required. According to Harvey Anderson of Mozilla, CISPA “creates a black hole” through which all kinds of data could be acquired by the government.

Opponents of the bill argue that it lacks sufficient privacy protections. CISPA does not require private companies to scrub unnecessary customer information from the data they share with each other and with government agencies, and it includes overly broad protections from lawsuits for companies that share information.

Representative Nancy Pelosi voiced concerns shared by the White House and many civil liberties groups, that the CISPA doesn’t do enough to ensure that companies sharing cyberthreat data with the government and each other, will remove personal data of private citizens. “They can just ship the whole kit and caboodle and we’re saying minimize what is relevant to our national security. The rest is none of the government’s business,” she argued.

Other Perspectives

The CISPA debate is one that has been polarized as an encroachment of big business on the privacy of individual citizens. This is a pretty accurate assessment. In fact, pro-CISPA businesses and interests have spent 140 times more money on lobbying than their anti-CISPA counterparts.

According to the Sunlight Foundation, backers of the CISPA had $605 million in lobbying expenditures from 2011 through the third quarter of last year, compared to $4.3 million spent by opponents of the bill. While it’s impossible to say how many of those dollars were devoted to trying to influence votes on the CISPA bill, this statistic provides some measure of the imbalance of resources available to each side.

However, opponents have the attention of the public on their side. “It’s not the same as SOPA and PIPA but it’s the sort of thing where we kept people informed for a long time until people finally started paying attention,” commented Emily Sheketoff, the executive director of the Washington office of the American Library Association.

Still others remain unconcerned. A Wall Street Journal op piece stated,

“… naturally Cispa will probably die a slow legislative death. How do we know? We watched this movie last year. Then, too, Michigan Republican Mike Rogers and Maryland Democrat Dutch Ruppersberger wanted to improve voluntary information-sharing in real time about cyber threats between the government and private companies. This is as unthreatening as it sounds.”


This article takes a look at the Cyber Intelligence Sharing and Protection Act (CISPA), which was approved by the US House of Representatives on Thursday, April 18, 2013.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) and the Certification Foundation Course and Exam (Foundations), a privacy professional should be comfortable with topics related to this post, including:

  • Privacy responsibility framework (CIPP/IT; II.B.)
  • Combating threats and exploits (CIPP/IT; III.E.b.)
  • Privacy and data protection regulation – United States (Foundations; I.D.b.)
  • Threats to online privacy (Foundations; III.B.b.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>