Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Go. No Go. Cyber Intelligence Sharing and Protection Act (CISPA).

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

There’s one thing that all Americans agree on. But, nobody can agree on what that one thing is. That is except for CISPA. Everybody can agree that CISPA is something nobody agrees on – at least as currently constituted.

CISPA’s proponents and opponents do not fall neatly along party lines. One of the bill’s chief authors is House Intelligence Committee Chairman Mike Rogers (R-Mich.) and a top co-sponsor is Rep. Dutch Ruppersberger (D-MD). In fact, when the bill came to a vote in the House, 42 Democrats broke with their party to vote for the bill, and 28 Republicans broke with theirs to vote against it.

And, it appears less a liberal versus conservative issue than a privacy versus security one or perhaps individual rights versus the public good.

The vote in the House of Representatives was 248 for; 168 against. That’s enough to pass the bill, but not enough to override a promised veto by the President; that is if the bill could pass the Senate, which it can’t.

According to, the House adopted several amendments to the bill before passing it, including one by Rep. Mick Mulvaney (R-S.C.) that added a five-year sunset to the bill.

But a motion by Rep. Ed Perlmutter (D-Col.) which added that nothing in the bill could be construed as allowing employers and the government to make employees and job applicants disclose confidential passwords without a court order was voted down. The defeated motion also wanted to add language saying that nothing in the bill could allow the government to block access to the Web through “the creation of a national Internet firewall similar to the ‘Great Internet Firewall of China.’”

Prior to the vote, a Los Angeles Times editorial framed CISPA this way: “The noncontroversial part of the proposal would let federal intelligence agencies disclose sensitive information about cyberthreats to utilities, ISPs and corporate network operators. The controversial part would encourage private industry to monitor any and all activity on their networks for cybersecurity problems and share even potentially sensitive personal information they collect with the feds.” “hung CISPA in a different frame.” “(CISPA) seeks to provide American companies with a greater level of legal breathing room for collecting and sharing their consumer/user data regarding Internet security threats. Essentially, the bill’s goal is to enable these companies to share their data with the government in an effort to fight and prevent cybersecurity attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws.”

In coming out against the measure, the Los Angeles Times editorial said, “(T)he bill’s fundamental problem is that encouraging the operators of broadband services, email systems and social networks to collect information about their users and share it with the government transforms them from service providers to surveillance agencies.”

Following are some pro and con takes on CISPA by members of Congress, the administration, civil rights advocates and hi-tech companies:

House Intelligence Committee Chairman Mike Rogers (R-Mich.): The bill is “needed to prepare for countries like Iran and North Korea so that they don’t do something catastrophic to our networks here in America.”

Rep. Dutch Ruppersberger (D-MD): “This is not a perfect bill, but the threat is great.”

Rep. Ed Markey (D-Mass.): “Americans should be concerned at the extent to which their privacy will be compromised because of the passage of this bill….They should be very afraid.”

Rep. Joe Barton (R-Tex.): “I’d just encourage those that voted for [CISPA] to read the 4th Amendment.”

ACLU legislative counsel Michelle Richardson: “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.” notes pro-CISPA organizations are “several big tech and communications companies, including Facebook, AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others.”

Finally, the Obama administration came out strongly opposed. Legislatively, does it get much stronger than a veto?

The Office of Management and Budget said the legislation “fails to provide authorities to ensure that the nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.”

It continued, “Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately” and pointed out that the bill “inappropriately shield[ed] companies from any suits where a company’s actions are based on cyberthreat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated federal criminal law…”

Did you get the feeling that the way people in power describe CISPA is a lot like the blind man describing the elephant? Anyway, down the line CISPA or a similar bill will eventually be passed and signed into law by the President…and thrown out as unconstitutional by the Supreme Court. Just joking (we think).

By ThreatMetrix Posted