The Cyber Intelligence Sharing and Protection Act (CISPA) is billed by its supporters as a way to help slow cyber hacking attempts targeted at enterprises. They believe that the data-sharing capabilities of the bill will help companies slow the perceived growing tide of state-sponsored attacks on private industry.
However, opponents of the bill say that CISPA lacks proper oversight and could lead to privacy concerns. Opponents, such as the White House, say that any data sharing bills must include amendments that require private information to be handled by civilian government agencies.
They believe that loopholes in the bill could cause groups like the FBI to use personal user data for reasons other than cyber security. Furthermore, commentators believe that data-sharing bills in their current state could end up causing disputes with the Fourth Amendment.
But if you took away those privacy concerns, would a bill like CISPA actually help stop cyber security breaches? Some advocates feel that a bill like CISPA would do little to change the current data-sharing paradagim used within private and government agencies.
Challengers of the bill say the government and private industry are already doing a competent job sharing data without legislation. They told V3 that there are better security options than what is on the table with current government legislation.
Electronic Frontier Foundation (EFF) policy analyst and legislative assistant Mark M. Jaycox told V3: "In the past we've seen companies share information about threats with other companies and with the government. Google in 2010, Facebook at the end of last year, and the recent Mandiant report have all shared vital information to ensure against threats."
According to Jaycox, appropriate protection measures are already being handled within the public and private sectors. While he believes better co-ordination could improve the efforts, he feels that it can be done without legislation.
"Co-ordination could always work better, and that is one of CISPA's aims, but the government is already doing a pretty good job without such legislation," continued Jaycox. "For instance, there are multiple information exchanges already in place. President Obama's recent Executive Order further enhances such sharing while ensuring better privacy protections than CISPA."
While bills like CISPA continued to work their way through Congress, some commentators also believe that data sharing will not slow hacks. The American Civil Liberties Union (ACLU) legislative counsel Michelle Richardson thinks the best way to prevent cyber hacking effects on end users is improved awareness of security best practices.
"I would say that the industry agrees that consumer threats can be mitigated through improved hygiene," she told V3.
CISPA supporters say that the bill would benefit end users by protecting their data on sites such as Facebook and Google. However, Richardson believes that if users were better educated about cyber security they could improve their chances of avoiding a data leak.
According to Richardson, making end users aware of the power they have to prevent security breaches is key to stopping bills like CISPA from being passed in their current form.
She said that media sensationalism about hacking gives end users a false sense of fear when it comes to protecting their data. "The reporting on it can often be a huge disservice. I certainly think that the media calling anything a cyber attack isn't really helpful," added Richardson.