Remember the Stop Online Piracy Act (SOPA)? It was that anti-piracy bill in the House of Representatives that stirred up enough controversy to start a Reddit-lead grassroots anti-SOPA campaign, which blacked out the internet for a day. Now, hardly a quarter later, the House of Representatives is at it again, attempting to pass a cybersecurity bill that holds consequences much more dire than that of SOPA.
The Cyber Intelligence Sharing and Protection Act (CISPA) is a bill that allegedly will increase the US government’s ability to fend off attacks against networks and enforce copyright and patents. However, much like SOPA, CISPA is a flawed bill that lacks the safeguards required to preserve the privacy and civil liberties that are required with a bill of this nature.
The bill itself authorizes monitoring of private communications if a cybersecurity threat is posed; however, the bill is written with such broad language that it would essentially allow companies to pass enormous amounts of information to the government with minimal judicial reprimand and burn a loophole through the dozens of existing privacy laws that protect individual liberties.
With a phrase as intricate as cyber threat intelligence, it would be expected that the bill specifically defines what is meant of it; however, the bill provides an extremely general answer that poses a large threat to personal privacy.
Without specifics, it is impossible to determine what would be considered cyber threat intelligence; however in the Senate version of the bill, activities such as using an anonymizing service could be considered an indicator of the aforementioned threat and lead to the invasion of privacy.
As long as companies believe they have cyber threat intelligence, they may voluntarily hand over private communications to the government without consequence. Specifically, the companies may wash their hands of any wrongdoing unless the information was given to the government “intentionally to achieve a wrongful purpose; knowingly without legal or factual justification; and in disregard of a known or obvious risk that is so great as to make it highly probable that the harm of the act or omission will outweigh the benefit.” Without a doubt, the little immunity provided to citizens with CISPA is so onerously vague that it is essentially impossible to sue a company for misconduct.
Under CISPA, the information given to the government by the companies under this bill may be first read by the Department of Homeland Security, who may in turn distribute the information to other intelligence agencies, including the National Security Agency, at its discretion.
Publicly, large companies, such as AT&T and Facebook, have endorsed this legislation because they believe in the goals set forth by this bill to help them receive information from the government about network security threats.
However, CISPA is not the bill that many of these companies believe it to be. The bill itself does not provide the provisions that help the aforementioned companies while conversely including many provisions that essentially destroy the definition of privacy and civil liberty.
CISPA is a flawed bill with the potential to destroy the privacy of an entire nation. Much like the grassroots movement against SOPA, action must be taken against this bill before it is passed through Congress.
Campaigns, such as the Stop Cyber Spying Week, a week of action to protest CISPA led by civil liberties organizations, are the only way to refuel the movement against the invasion of privacy.
