The Cyber Intelligence Sharing and Protection Act (CISPA)
WHY IS CISPA NEEDED? Each day tens of thousands of cyber attacks, oftentimes from China and Russia, target U.S. companies and the U.S. government. These cyber criminals try to steal customers’ personal information, our country’s national intelligence and top secret information, and companies’ trade secrets and plans for new products. The cyber thugs then use this information for everything from stealing the identity of American citizens to plotting attacks against the U.S. Because we remain vulnerable to attacks from organized, foreign cyber criminals, the security of American businesses and American citizens are at risk.
WHAT DOES CISPA DO? CISPA creates a legal framework to allow voluntary intelligence sharing in order to protect businesses, their consumers, and the U.S. government from cyber attacks. Under this framework, intelligence on cyber attacks, including the identity of who is launching the attack, how they are doing it, and what kinds of information they are targeting, can be shared within the private sector or between the government and the private sector. Only information necessary to prevent cyber attacks can be voluntarily shared. Ultimately, this adds protections for you as an individual, without compromising your privacy. This will allow both the private and public sectors to better prepare for and prevent cyber attacks.
HOW DOES CISPA IMPACT ME? When organized criminals in China hack into a U.S. business, they have access to your personal information. Under CISPA, the business can then voluntarily share certain information to help identify the perpetrators and prevent similar, future attacks. (Note: disclosure to consumers is already required under the law). Preventing future cyber attacks is beneficial to us all as consumers and helps make your personal information more secure.
WHAT CISPA DOES NOT DO: CISPA does not allow the U.S. government to block access to websites, censor, or force an individual or company to remove information or content from websites. It also does not create any mandates; it is completely voluntary.
DOES CISPA VIOLATE OUR CIVIL LIBERTIES? When this bill was introduced, I had concerns that the language was not clear enough to adequately protect the civil liberties of private citizens. I supported eight amendments that passed the House of Representatives (3 by voice vote) that added further civil liberty protections for individuals. Two of the amendments made it clear that (1) only information necessary to prevent cyber attacks will be shared; (2) all information sharing will be voluntary, not mandatory; and (3) the information cannot be used by the government, or any other party, for any purpose other than preventing cyber attacks.
If you have any further questions or concerns about CISPA, please call my Washington, DC office at (202) 225-6565.