If at first a controversial cybersecurity bill fails, remove one letter from its title and try again.
On Tuesday the Senate passed the Cybersecurity Information Sharing Act. CISA would force websites and tech firms to share user information with the government, so long as that information fits an astonishingly vague description of a “cyber threat.”
If this sounds like a bill Americans have protested and killed several times over the last half-decade, it’s because it is.
The newly successful CISA is recycled from a less-popular model. Its look-alike, the Cyber Intelligence Sharing and Protection Act (CISPA), offered nearly identical immunities for companies that share information with the government. But unlike CISPA, which was abandoned after loud condemnation from activists and an unofficial veto from the president, CISA is gaining momentum.
CISPA originated in the House of Representatives, but failed in the Democrat-majority Senate in 2013. CISA, which originated and passed in the Senate, is expected to cruise to approval in the House.
A veto, like the one President Barack Obama threatened for CISPA if it came to his desk in 2013, is also unlikely. The White House expressed its support for CISA earlier this year.
“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” White House spokesperson Eric Schultz told The Hill in August.
But opponents say what you’re already thinking: CISA is almost the exact same bill as the one the president threatened to veto.
“CISPA is nearly identical to CISA. The bill approaches information sharing from the same framework,” Mark Jaycox, an analyst with the Electronic Frontier Foundation, said. “The Senate bill [CISA] is just smarter with workarounds.”
Both bills would offer immunity to companies if they turned over information to the government in order to expose broadly defined “cyber threats.” CISA contains only minor updates, which activists say make the bill more potent than its predecessor.
“CISPA was pretty overt in saying ‘the National Security Agency is going to be the lead in this, it’s going to collect the information,’” Jaycox said. “CISA says the Department Homeland Security will be the lead in this, but the DHS has to automatically share it with the NSA … There are small, sly changes like that within CISA.”
In 2011 and 2012, the Internet rallied against SOPA and PIPA, two controversial bills that would have given the government new powers to block websites that violated copyright. CISPA sank in the Senate in 2013, after coming under similar fire from privacy activists. Hacktivist organization Anonymous spearheaded an anti-CISPA day in April 2013, joined by over 900 websites that blacked out their homepages in protest.
Some opponents worry that this force is waning, however.
“A lot of the same advocates and organizations that mobilized during the fight against SOPA and PIPA are also very engaged in the fight against CISA,” Tim Karr, senior director of strategy at Free Press, said.
“There’s an ongoing coalition, but the scale in terms of public opposition isn’t quite the same caliber as before. With PIPA and SOPA you had literally tens of millions of people engaged, writing and calling Congress, posting blackouts on their sites… I don’t think it’s quite the same scale.”