CISPA aims to beef up our nation’s cyber defenses by allowing government agencies and private organizations to share information about potential threats, even if that intel might otherwise be classified.
Who could possibly object to that? Well, anyone who’s taken a close look at the bill. Thanks to some vague and overbroad language, CISPA as it currently stands would apply to any “theft or misappropriation of private or government information, intellectual property, or personally identifiable information” – way beyond what might logically constitute a threat against this nation.
In other words, CISPA could be used to shut down sites that have published classified information (like WikiLeaks or The New York Times), as well as prosecute individuals for sharing copyrighted content or blowing the whistle on corrupt organizations.
As the Electronic Frontier Foundation notes:
The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.
According to CISPA, Uncle Sam could enlist the help of your ISP, wireless carrier, Google, Facebook, or any other private entity to identify cyber threats, and you wouldn’t be able to sue these entities for violating your privacy so long as they acted “in good faith.”
TechDirt’s Leigh Beadon digs a little deeper:
CISPA states that the entity providing the information cannot be an individual or be working for an individual, but the data they share (traffic, user activity, etc.) will absolutely include information about individuals. There is no incentive in the bill to anonymize this data—there is only a clause permitting anonymization, which is meaningless since the choice of what data to share is already voluntary.
You say you live in a state whose laws prohibit some of these abuses? Sorry Charlie, CISPA would preempt them.
Your only protections against abuse: Yearly audits by the Privacy and Civil Liberties Oversight Board. What, you’ve never heard of the PACLOB? That may be because its five slots have been empty since 2008, following accusations of White House censorship. Over the last two years President Obama nominated candidates to fill each of those slots, but they have yet to be approved by the Senate.
A blank check for private companies and the Federal government to trample the Fourth Amendment, with annual oversight provided by ghosts? That sounds like just the kind of brilliant idea our benighted Congress is likely to endorse.
A clue to what this bill is really about can be found in the first paragraph of a press release from the House Select Committee on Intelligence boasting about CISPA’s broad bipartisan support:
“Over 100 Members of Congress are supporting the Cyber Intelligence Sharing and Protection Act (H.R. 3523), which helps protect American businesses and jobs.”
Since when is a “cyber security” bill supposed to be about jobs? Small wonder that companies like AT&T, Microsoft, IBM, Facebook, and Verizon have all publicly endorsed it. (Apparently the RIAA and MPAA decided to sit this one out.)
CISPA sailed through committee and may come up for a House vote before the end of this month. Don’t like the idea? The EFF has set up a handy form where you can send an email opposing the bill to your local representatives. PopVox has set up a page where you can express your support or opposition to CISPA. That probably won’t have any effect on Congress, but it might make you feel better.
If Uncle Sam wants to keep foreign intelligence services from hacking our computer infrastructure, I’m all for it. But throwing yet another bone at the content cartel while calling it a “security” measure isn’t going to cut it.
This post originally appeared on InfoWorld.
Cool faux poster courtesy of The Desert Lamp.