The Cyber Intelligence Sharing and Protection Act 2012 CISPA) provides for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.
The Act allows the federal government to use shared cyber threat information:
- (1) for cybersecurity purposes, including the investigation of cybersecurity crimes;
- (2) for the protection of individuals from the danger of death or serious bodily harm and the prosecution of crimes involving such dangers; or
- (3) to protect U.S. national security. Prohibits the federal government from affirmatively searching such information for any other purpose.
What information is shared?
CISPA allows Internet service providers to monitor their networks and to collect, analyze and share information on any user activities that they believe present a threat to their networks. Federal agencies would share both classified and unclassified cyber threat information in their possession to help Internet companies bolster their defenses against cyber threats in return.
Who likes and dislikes the Act?
Unlike the failed Stop Online Privacy Act (SOPA), technology firms such as Facebook, Intel, and Microsoft are among some 800 US-based firms that have reacted positively to the Act. But US advocacy groups have expressed concerns about the Act's transparency, worrying that Internet companies can collect an almost unlimited set of information about Internet users and share the information with government agencies such as the National Security Agency (NSA), without judicial oversight.
The law would also allow Internet companies to use a "cybersecurity exception" clause to skirt the privacy protection provided by statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.
Will the Act affect me?
The Act allows your Internet Service Provider or an Internet company such as Google or a Facebook, to justify collecting information on all your online activities more easily and share them with the NSA and other federal agencies.
Are companies required to share data with the government?
No, although most companies are likely to participate in the information sharing because of the promise of getting useful cyber intelligence from the government and other companies in return for their own information.
Read also UK