This is “cybersecurity week,” according to Brock Meeks at Wired.com when CISPA (the Orwellian-named Cyber Intelligence Sharing and Protection Act) is scheduled to move to the House floor for a vote. Offered originally before SOPA (the Stop Online Piracy Act) and its sister PIPA (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act) were blown up in January, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) have offered some amendments to the bill (H.R. 3523) to soften some of its critics and to avoid the same result.
The primary problem, according to Meeks, is that it tries to kill a flea with a baseball bat: Any alleged security the bill offers against potential hackers “comes at the expense of unfettered government access to our personal information, which is then likely to be sucked into the secretive black hole of the spying complex known as the National Security Agency.”
Despite some window dressing by Mssrs. Rogers and Ruppersberger, the bill still has major problems. First it has “an overly broad, almost unlimited definition of the information [that] can be shared [by private Internet companies] with government agencies.” It overrides existing federal or state privacy laws with its language that says information between private and public agencies is shared “notwithstanding any other provision of law.”
In addition, the bill would create a “backdoor wiretap program” because the information being shared isn’t limited specifically to issues of cybersecurity but could be used for any other purpose as well. The language is unclear about what would trigger a CISPA investigation: “efforts to degrade, disrupt or destroy” a network. Would that apply to someone innocently downloading a large file—a movie, perhaps—that is perceived, under the bill, to be an “effort to degrade, disrupt or destroy” a network?
As it stands the bill allows companies to turn over private information to the government and for them to use it for any purpose they see fit, all without a warrant. For 40 years we have had legislation about wiretapping that protects people. This [bill] would overturn that and make a cyber exception.
She concluded that “this bill is simply too broadly defined and overturns vital protections.”
Rainey Retiman at the Electronic Frontier Foundation (EFF) has similar concerns:
There is no standard for the type of information that can be collected. In other words, if it’s information, it can be collected and passed along.
The personal information collected can be sent to the NSA, the same agency that was found guilty of conducting illegal surveillance programs in 2010 without warrants.
The bill fails to state clearly what the information will be used for. Without that clarity, it can be used for any purpose.
Opposition to the bill ranges all the way from Russia Today, which calls CISPA “worse than SOPA” to the Constitution Project which “believes [that CISPA] poses major risks to civil liberties that must be addressed before [it] is enacted into law.” According to Constitution Project spokeswoman Sharon Bradford Franklin, “the changes in its most current draft do not come close to addressing the civil liberties threats posed by the bill, and some of the proposals would actually make CISPA worse. Therefore, Congress should not pass CISPA.”
Republican presidential candidate Ron Paul was even stronger in his criticism of the bill:
CISPA is essentially an Internet monitoring bill that permits both the federal government and private companies to view your private online communications with no judicial oversight — provided, of course, that they do so in the name of “cybersecurity.” The bill is very broadly written, and allows the Department of Homeland Security to obtain large swaths of personal information contained in your emails or other online communication. It also allows emails and private information found online to be used for purposes far beyond any reasonable definition of fighting cyberterrorism…
CISPA is Big Brother writ large, putting the resources of private industry to work for the nefarious purpose of spying on the American people. We can only hope the public responds to CISPA as it did to SOPA back in January.
To enlist in such efforts to bring pressure, and reason, to members of the House, several online petition drives are collecting hundreds of thousands of signatures, including the ACLU and AVAAZ.org which has collected nearly a million signatures already. With over 100 members of the House publicly supporting the bill along with information technology companies such as AT&T, Facebook, IBM, Intel, Microsoft, Oracle, and Verizon, it’s going to be a near thing. That’s the price of liberty: It must be fought for and defended every day.