Core functions of CISPA are supposed to help drain the Internet of malicious cyberthreats now sluicing through it via telecom pipelines controlled by Internet backbone firms like Verizon and AT&T.
Under CISPA, the Internet providers and other private companies would:
- Receive classified digital signatures and other data from the US government agencies, including intelligence agencies like the National Security Agency, to help identify malicious Internet traffic.
- Give private Internet providers and others the right to defend their own networks and their corporate customers – and share cyberthreat information with others in the private sector and with the federal government on a voluntary basis.
- Encourage, but not require, private companies to “anonymize” information that they voluntarily share with government and nongovernment entities.
- Grant to Internet providers immunity from privacy lawsuits in which customer information was voluntarily disclosed as a possible security threat.
- Grant Internet companies antitrust protection that immunizes them against allegations of colluding on cybersecurity issues.
- Require an independent audit of information shared with the government.
Such provisions, though, were either troubling or insufficient to the White House and privacy groups. While the idea of broader information sharing is generally accepted as a requirement for any cybersecurity bill, CISPA provisions and the new amendments do not go nearly far enough to protect Americans privacy, its opponents say.