Inform/Cyber Intelligence Sharing and Protection Act (USA)

This is a demonstration of what a page devoted to a specific bill would look like. The title includes the full name of the bill and the jurisdiction.

What is CISPA?

The page opens with a two-sentence summary of the aim and purpose of the bill, in as neutral a fashion as can be managed.

The Cyber Intelligence Sharing and Protection Act (CISPA) is a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S government investigate cyber threats and ensure the security of networks against cyberattacks.

Prerequisite Reading

The Prerequisite Reading section lists other Inform pages related to this bill, which need to be understood before engaging with policymakers on the topic. Click the links for more Inform example content.

• Privacy
• Cybersecurity
• Distributed Denial of Service (DDOS)

Related

The Related section lists similar legislation in other jurisdictions.

• Cybersecurity Strategy of the European Union (EU)
• Electronic Communications Privacy Act (USA)

Current Status

The Current Status section, which would be regularly updated, gives the current state of the bill.

2013-04-25: CISPA has passed the House of Representatives and is now headed for the Senate. The White House has given indications it may veto the bill.

Discussion

The Discussion section is where the proposal is analysed in more detail, and the positive and negative parts extracted and examined.

CISPA enables 3 types of information sharing:

1. Government to private companies
2. Private companies to government
3. Private company to private company

The first of these is aimed at solving problems with data security classifications within the government security services, and is in principle a good idea. The only objection is that companies should not be privileged; the information should be shared with the entire community.

The second and third of these raise concerns about user privacy.

Objections to CISPA:

• Currently, companies are privileged recipients of information. Cybersecurity legislation should be drafted to benefit all internet users, not just a subset. This requires openness about the nature and extent of threats.
• The legislation is overpermissive (due to definitional vagueness) in ways which would be very bad for user privacy. For example "a cybersecurity purpose" (the reason for which sharing is allowed) is defined broadly enough to include "preserving a DRM system".
• CISPA broadens the kind of user information that can be provided to government without a warrant, and without justification or mitigation. Any appropriate legislation needs to account for the privacy of the general user base. Users should be able to expect that both companies and the law will defend their right to privacy.
• CISPA provides legal immunity for privacy violations by companies, and there is no requirement to inform you if your information was incorrectly shared.
• CISPA does not reference or encourage security community best practice.

Further Reading and Resources

The Further Reading and Resources section provides relevant external links, including (where available) to the text of the bill. Specific activism will often happen somewhere other than at Mozilla, and the links here should connect people up with whatever is being organized.

• Text of the bill on OpenCongress
• CISPA article on Wikipedia
• CISPA FAQ at the EFF
• What is CISPA, and why should you care? from PC Magazine
• cispaisback.org - see "What's Wrong with CISPA?" section and links - gives talking points