CISPA must be stopped
With the passage of the Cyber Intelligence Sharing and Protection Act (CISPA) in the House last week, many of us are still trying to determine the impact of the bill on the Internet and how it will affect users.
There is no easy answer to the question, after all, this is a complex issue in a time when hacking and other cyber crimes are becoming more prominent. But those of us that helped kill the Stop Online Piracy Act (SOPA) because of concerns over censorship, CISPA may indeed be much worse because it essentially ignores Fourth Amendment protections:
According to the bill’s main author, Rep. Mike Rogers (R-Mich.), CISPA’s main purpose is to allow companies and the government to share information to prevent and defend against cyberattacks. But the bill’s language is written so broadly that it carves out a giant cybersecurity loophole in all existing privacy laws.
The problem is in the bill’s definition of “cyber threat information” and how companies can respond to it. “Cyber threat information” is an overly vague term that can be interpreted to include a wide range of tasks that normally wouldn’t be considered cyberthreats — like encrypting emails or running an anonymization tool such as Tor — and as a result, a company’s options would be so numerous as to allow it to read any user’s communications for a host of reasons.
Those communications could then be handed over to the government voluntarily without a warrant or any oversight, nullifying well-established laws like the 1968 Wiretap Act and the 1986 Electronic Communications Privacy Act, which prevent companies from reading your communications except under very specific circumstances and prevent the government from getting users’ communications without judicial review.
Once the U.S. government gets hold of such information, the problem intensifies. Private communications can be passed on to intelligences agencies like the National Security Agency (NSA) and the military — bypassing decades of law barring intelligence agencies from spying on Americans — and be used for other law enforcement purposes besides cybersecurity. Almost as an afterthought, the bill also increases government secrecy — already at an all-time high — by creating a new exception to the Freedom of Information Act for any information the government receives from companies.
It has become clear by now that CISPA is far more than a mere “cybersecurity” bill.
Unfortunately, members of the House from both parties weren’t overly concerned about the glaring constitutional issues with the bill. And it’s unlikely that the Senate will do much to make it any better. We’re left hoping that President Barack Obama will follow through on his veto threat, issued largely because the bill isn’t broad enough. Otherwise, there is really nothing standing in the way of CISPA and the fundamental changing of the Internet.