Defense contractors aren’t the only companies that need to defend their intellectual properties against cyber attacks, but they’re the first ones that the federal government started to help. In 2011, the Defense Department rolled out the Defense Industrial Base cyber security pilot project, which allowed the government to hand over information it had identified about potential attacks to defense contractors.
This is exactly the sort of transfer of information that President Obama’s executive order will allow a wider range of companies to benefit from, with more specific, detailed information from the government about cyber threats.
Like the president’s executive order, CISPA would increase information sharing about cyber threats between the public and private sectors. But it would also open a path for information to flow the other way—from private companies to the government. And while the executive order earned praise from groups concerned with Internet privacy, like the Center for Democracy and Technology and the American Civil Liberties Union, CISPA still raises concerns.
“The executive order has to follow current law,” says the Electronic Frontier Foundation’s Mark Jaycox. “If you were to just generalize to a high level, CISPA creates new powers for companies to spy on people and gives them carte blanche to give that information to the government.”
Specifically, CISPA would give companies more legal protections in the eventuality that, in the process of handing over information to the government, they passed along their customers’ personal information, as well. The bill’s sponsors emphasize that this sharing is entirely voluntary—that the government won’t be able to monitor individuals through this program. The privacy groups’ concern is that individuals’ communications and online activities will become a casualty of companies’ desire to have the government help protect their intellectual property.
It’s not clear that CISPA will get any further than it did last year, when it passed the House, earned a veto threat from the president, and stopped cold in the Senate. If the revived bill is to make it into law, it’ll have to avoid a renewed veto threat—lawmakers will have to convince President Obama that the policies they’re proposing not only complement his, but won’t undermine the privacy protections that his executive order made a point of including.
Disclosure: CJR has received funding from the Motion Picture Association of America (MPAA) to cover intellectual-property issues, but the organization has no influence on the content.