Alternatives to CISPA
Some notable alternatives to CISPA have been put forth, including two bills introduced in the Senate and an Executive Order issued by President Obama.
One of the Senate bills is the Cybersecurity Act (S. 3414) introduced by Senators Joe Lieberman (I-CT), Susan Collins (R-ME) and three other senators. It is a much longer (in excess of 200 pages) and more detailed bill than CISPA that opens up ways for private entities and the federal government to share information related to cyberthreats, puts oversight of sharing in the purview of the DHS and also allows for setting up cybersecurity guidelines to be followed on a voluntary basis, but with incentives for compliance by private entities. It creates the National Cybersecurity Council (NCC) to be made up of representatives from multiple agencies (both civilian and military) to coordinate with the private sector to assess computer system vulnerabilities and come up with the guidelines.
The Cybersecurity Act was amended to include more protections to privacy and civil liberties, including a guarantee that only civilian (non-military) organizations have access to shared cyberthreat information and an exemption of first-amendment protected activities from being identified as categories of critical cyber infrastructure. It also doesn't include national security as one of the possible uses of shared cybersecurity information, but it does let the federal government use the information for the other three reasons allowed under CISPA.
A rival bill introduced by Senator John McCain (R-AZ) and several co-sponsoring senators is called the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT Act, S. 3342). It is also a heftier bill than CISPA, coming in at more than 100 pages. It would facilitate information sharing between multiple government agencies and private entities on cyberthreats, strengthen criminal penalties related to cybercrimes, foster networking and information technology research and development and sharing of research, and would allow the Department of Commerce, Department of Homeland Security, and the National Security Agency (NSA) to coordinate on policies regarding cybersecurity efforts. It has faced many of the same criticisms as CISPA, including that it has an overbroad definition of cyberthreat information, places few limits on the types of information that can be shared and how it can be used (including cybersecurity purposes, national security purposes and a whole host of criminal prevention, investigation and prosecution purposes), similar "notwithstanding any other provision of law" language and oversight issues, such as the removal of lawsuit liability from companies and the shared information being exempt from the Freedom of Information Act. It is also criticized for putting a non-civilian entity (the NSA) in charge of information sharing.