Nothing. Just privacy. And the breaching of private contracts. And the rule of law. Aside from that, CISPA is just fine.
The enormous pushback against SOPA has forced the internet privacy invaders to change their tactics and have crafted a bill called the Cyber Intelligence Sharing and Protection Act (CISPA) which, in typical Orwellian terms, does precious little in protecting and a lot in sharing – especially sharing without limit or constraint under law. As long as information shared with government agencies is well-intended, privacy breaches are protected: those whose privacy is invaded have no legal recourse.
That’s what the fuss is all about. This time, the Economist gets it right:
[The bill’s] fans, which include companies such as IBM and Intel, say the bill’s provisions will help America defend itself against attempts by hackers to penetrate vital infrastructure and pinch companies’ intellectual property.
CISPA’s critics, which include the Electronic Frontier Foundation, a digital-rights group, and Mozilla, the maker of the Firefox web browser, argue that it could achieve that goal without riding roughshod over privacy laws designed to prevent the government getting its hands on citizens’ private data without proper judicial oversight…
In theory everything from e-mails to medical records could end up being shipped to intelligence agencies, even if it is not needed. Harvey Anderson of Mozilla says CISPA “creates a black hole” through which all kinds of data could be sucked in by the government.
The bill does forbid the use by officials of personal information from medical records, tax returns and a list of other documents. But its critics say it would be far better if companies had to excise such data before sharing what is left.
What makes me nervous about CISPA and its real intent is the unwillingness of the House Rules Committee to go along with a simple amendment that would have relieved a lot of fears. The fact that the committee refused to do something this simple gives me reason to think there’s more here than just “cybersecurity”. Even the Economist agrees:
The broad legal protection CISPA offers to firms could be abused by companies keen to cover up mishaps in their handling of customer data. A more carefully worded legal indemnity would stop that happening.
CISPA appears to be another ham-handed intrusive solution to a simple problem: how to allow various ISPs to alert others, and government agencies, to internet threats voluntarily without exposing their customers’ private information for all the world to see.
When in doubt, I vote no.