The Cyber Intelligence Sharing and Protection Act (CISPA), which recently passed the US House of Representatives, will soon see its counterpart bills debated in the Senate. The vote on CISPA comes only months after the Stop Online Piracy Act (SOPA) was withdrawn after widespread protest, and many are wondering whether CISPA will garner the same high-profile opposition. By allowing companies to share user data with each other or the government to combat vaguely defined "cyber threats," CISPA has raised major questions about online privacy.
Unlike SOPA, however, the provisions of CISPA largely absolve companies from responsibility if something goes wrong. This means that Google, Facebook, and others stand much less to lose (and in many cases, a good deal to gain) if it passes. We've taken a look at where several of the major tech companies and websites stand on this proposal.
CISPA has generated its share of controversy, with the Cato Institute, American Civil Liberties Union, Center for Democracy and Technology, and many others speaking out against it. Few major tech companies, however, have followed suit. Two notable exceptions so far are Mozilla and Cheezburger Inc., both of which have strongly opposed the bill.
"This is SOPA's cousin who works for the CIA."
Mozilla came out against the measure yesterday, telling Forbes that "CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse." Cheezburger was more succinct: in an interview with ProPublica, CEO Ben Huh said CISPA was "SOPA's cousin who works for the CIA."
The parties above, however, are far outnumbered by companies in favor of CISPA. Major technology interest groups and businesses like Intel, IBM, and Symantec have sent letters of support, and some have further announced their positions more publicly. In February, for example, Facebook policy VP Joel Kaplan commended the bill to the House of Representatives, saying that it would remove "burdensome rules that currently can inhibit protection of the cyber ecosystem" and "provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of users." More recently, the company posted about CISPA on its blog and told Time that "when one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack."
"A more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of users."
Likewise, major carriers have expressed support for CISPA. AT&T called the bill "an important and positive step in strengthening cybersecurity collaboration," and Verizon said it "enables private sector entities to defend their and their customers’ networks, allows them to share cyber-threat data with others in the private sector and the US Government, and improves our nation’s ability to identify and mitigate cyber threats before they can do damage."
In rare cases, companies have backed away at least marginally from their initial commendation. Microsoft supported the bill when it was introduced, calling it a way to "eliminate barriers and disincentives that currently prevent effective information sharing to guard against cyber-attacks." Since then, it has qualified that statement to CNET, stating that its position is "unchanged" but that any bill must allow "us to honor the privacy and security promises we make to our customers." A spokesperson said that Microsoft will "ensure the final legislation helps to tackle the real threat of cybercrime while protecting consumer privacy."
At this point, the biggest question is not who has come out in favor of CISPA, but whether it should expect significant opposition from major technology groups. Several of the biggest potential critics are still debating the bill internally or watching for major developments, including Wikipedia, one of the biggest participants in the influential SOPA blackout. Wikimedia spokesperson Joe Walsh has told ProPublica that the organization is still undecided on CISPA: "It's still early days. We don't want to rush to conclusions." The Wikimedia Foundation is apparently still monitoring the bill.
Reddit also established itself as a major player during the SOPA controversy, but the site's administrators are taking a more measured stance so far on CISPA. As mentioned in a recent site post, Reddit wants to help sort out the issues surrounding the bill: it's lining up a group of experts involved with the bill, starting with a Center for Democracy and Technology panel today. "We want to make sure we're familiar with all of [the different House and Senate bills] and the different details before we release an official position," Reddit general manager Erik Martin told us today. Martin said, however, that this doesn't mean Reddit is "in support or even neutral" on CISPA.
"We want to make sure we're familiar with all of the different details before we release an official position."
The last undecided name is one of the biggest. Search juggernaut Google has hardly shied away from supporting or opposing legislation in the past, but the company has yet to take a stance on CISPA. The closest it's gotten is a recent statement to Forbes, where a spokesperson said that "we think this is an important issue and we’re watching the process closely but we haven’t taken a formal position on any specific legislation."
CISPA does, of course, have one fervent detractor: President Barack Obama. In a recent statement (PDF), the Executive Office of the President said the Obama Administration was "strongly opposed" to the bill in its present form, and that the President's advisers would recommend he veto it if lawmakers did not limit the amount of personal information that could be disclosed and remove companies' "inappropriate" blanket protection from legal liability. This protection, the Administration says, "not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests... The American people expect their Government to enhance security without undermining their privacy and civil liberties."