The controversial Cyber Intelligence Sharing and Protection Act (CISPA) now appears to be dead in the Senate, despite having passed the House by a wide margin earlier this month. Though tech, finance, and telecom firms with a combined $650 million in lobbying muscle supported the bill, opposition from privacy groups, internet activists, and ultimately the White House (which threatened to veto the law) seem to have proven fatal for now.
Few object to what technology companies and the government say they want to do in practice: pool data about the activity patterns of hacker-controlled “botnets,” or the digital signatures of new viruses and other malware. This information poses few risks to the privacy of ordinary users. Yet CISPA didn’t authorize only this kind of narrowly limited information sharing. Instead, it gave companies blanket immunity for feeding the government vaguely-defined “threat indicators” — anything from users’ online habits to the contents of private e-mails — creating a broad loophole in all federal and state privacy laws and even in private contracts and user agreements.