Saturday, April 28, 2012

CISPA: What's Next?

Author's Note: I've covered the Cyber Intelligence Sharing and Protection Act thoroughly in three previous columns you may want to read if you're not up to speed on the issue: CISPA Keynotes Cybersecurity Week, Who's Buying CISPA and Selling Us Out? and CISPA House Debate Starts Tomorrow.

Congress is currently considering CISPA – the Cyber Intelligence Sharing & Protection Act – a bill that purports to protect the United States from “cyber threats” but would in fact create a gaping loophole in all existing privacy laws. If CISPA passes, companies could vacuum up huge swaths of data on everyday Internet users and share it with the government without a court order. I oppose CISPA, and I’m calling on Congress to reject any legislation that:
  • Uses dangerously vague language to define the breadth of data that can be shared with the government.
  • Hands the reins of America’s cybersecurity defenses to the NSA, an agency with no transparency and little accountability.
  • Allows data shared with the government to be used for purposes unrelated to cybersecurity.
Join me in opposing this bill by posting this statement on your own page and using this online form to send a letter to Congress against CISPA.

CISPA passed the House of Representatives on Thursday, with a vote of 258-168, even after this Tireless Agorist's impassioned pleas. I guess I don't run the world... yet.

Not only did it pass, but so did the Quayle amendment, which expanded the scope of the allowable uses of the data collected. Techdirt has the story.
Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.

Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a "cybersecurity crime". Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government's power.
The Washington Post has a decent overview of the bill, although it doesn't include the latest news about Microsoft.
How it could affect you: As we’ve noted above, CISPA could be interpreted to allow companies to share any of their customers’ personal data as long as the companies say that the information is related to a “cyber threat.” That includes agencies such as the Department of Homeland Security and the National Security Agency. And while the bill doesn’t require that companies share this data — Facebook, for one, has said that it “has no intention” of sharing personal information with the government — the bill doesn’t require a warrant for the information.

If companies are willing to cooperate with the government, that means that users could have their personal information shared with the government without their permission.
The article also points out that while the support for the bill is bipartisan, so is the dissent.
There is also, however, bipartisan dissent on the bill. Rep. Ron Paul (R-Tex.) said in a statement Monday that “CISPA is Big Brother writ large, putting the resources of private industry to work for the nefarious purpose of spying on the American people.” And Rep Jared Polis (D-Colo.) made an impassioned speech against CISPA on the House floor, saying that the bill would “waive every single privacy law ever enacted.”
The only good news on the topic is that Microsoft, previously a supporter, has now withdrawn their support, citing privacy concerns.

From PC World comes CISPA: 4 Viewpoints You Should Hear, which offers this expectation for the Senate, another glimmer of faint hope.
Jennifer Martinez, technology policy reporter for Politico, says Democratic sources told her that CISPA is “basically dead on arrival” because of the privacy concerns associated with it. She also says that nothing will happen with CISPA at least for the next week because the Senate is currently in recess and Senate Majority Leader Harry Reid has said the issue will get picked up sometime in May.
The Raw Story explains 5 ways CISPA could be worse than SOPA for Internet activists. It's recommended reading: the details are chilling.
5. SOPA would have destroyed website domains over copyright, but CISPA will destroy all semblance of privacy on the Internet.
4. SOPA put media pirates in the sights of content creators, but CISPA puts whistleblowers and journalists in the sights of corporations and governments.
3. SOPA would have broken the core architecture of the Internet to censor individual websites, but CISPA could aid the censorship of entire societies.
2. SOPA would have given too much power to content creators, but CISPA proposes complete spying freedom for an agency that’s wholly unaccountable.
1. SOPA was similar to a bailout for a few Hollywood studios, but CISPA is like a bailout for the whole tech industry.
GigaOM asks Why is Silicon Valley silent on CISPA? The CEO of UmeNow declares CISPA is Anti-American and Unethical, while PolicyMic declares CISPA Would Allow Big Corporations to Steal All Your Data and offers this chilling example.
As just one example of why this is a problem, if you happened to develop a device that would cut the oil consumption of the U.S. in half, and you submit it for patent via the internet, that submission can be classified as security sensitive, passed on to a corporation with ties in China, and your device could be manufactured there before it gets through the patent process here, which will negate your patent application.
Does that sound like a good idea to you? If not, scroll back to the top of this article and get started on your assignments. It's going to take all of us pulling together to stop this juggernaut.

...and that's all I have to say about that.


  1. So we can still contact our reps? Will it help, even though they've already voted? What else, if anything?

    1. The link in the box at the top of the page lets you send a letter to your rep and both Senators. Even though the House has voted, the Senate has not... and letting your rep know how you feel about trash like this in general is never a bad idea.

  2. I'm thinking there's a significant group of people who feel like "Hey, I'm not doing anything illegal. And this will help protect us all from identity theft, terrorist threats, etc."

    Any thoughts?

    1. I'm thinking those people aren't thinking very hard. Or to put it another way, a conservative or liberal is a libertarian who hasn't had the drug dogs pull a false positive on their car at a checkpoint.

      Or to put it in a way those non-thinkers might understand, not doing anything wrong is no guarantee against mistakes or malfeasance.