Under the narrower definition, a cyber threat is defined as an effort to “gain unauthorized access to a system or network.” This change is designed to assuage opponents who criticized the previous version for being so broad it could be used against websites for posting copyright infringing material, which would make it similar to the controversial Stop Online Piracy Act (SOPA) legislation that was eventually dropped in response to protests.
The purpose of the legislation, according to proponents, is to enable participating businesses to share cyber threat information with others in the private sector and enable the private sector to share information with the government on a voluntary basis in order to combat cyber espionage and intellectual property theft.
Critics, however, argue that the bill would expand the government’s ability to monitor and censor the internet. Privacy groups, including the Center for Democracy and Technology (CDT), the Electronic Frontier Foundation, the American Civil Liberties Union, and Free Press have launched an online campaign against provisions of the legislation.
"CDT's main concerns with CISPA are that it has an almost unlimited description of the information that can be shared with the government; it allows for a large flow of private communications directly to the NSA [National Security Agency], an agency with little accountability; and it lacks meaningful use restrictions – it should be made clear that information shared for cybersecurity should be used for cybersecurity purposes, not unrelated national security purposes or criminal investigations", said CDT senior counsel Greg Nojeim.
Facebook, an opponent of SOPA, has taken heat for supporting CISPA. Joel Kaplan, vice president for US public policy at Facebook, defended his company’s support in a blog post.
“A number of bills being considered by Congress, including the Cyber Intelligence Sharing and Protection Act (HR 3523), would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone – and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today”, he wrote.