The criticism that, by including a provision for the protection of intellectual property, CISPA is little more than a less-conspicuous form of the draconian SOPA bill seems misguided. CISPA is vague and unnecessarily broad, but it’s not SOPA. In fact, the very same Internet companies that were so adamantly opposed to SOPA might support CISPA. Facebook already does.
CISPA is actually good, in theory. The idea of sharing cybersecurity information between private companies and the government has merit, especially in a world of increased cyberattacks against organizations in both sectors. If you’re trying to discover patterns in attacks, more data is always better, and web sites are attacked constantly. That they also could have access to classified government data is particularly beneficial.
But CISPA isn’t perfect. In fact, it’s vague to the point of being a problem, which is what’s driving concern over the bill. To me, CISPA doesn’t read like SOPA in disguise, but it doesn’t expressly deny that possibility either.
Probably the biggest problem is what a company is able to do to “protect” itself from such threats. As the EFF points out, CISPA allows companies to “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such protected entity.” It also grants companies immunity from lawsuits if they exercise their rights under the bill in good faith.