Last week the US House passed the The Cyber Intelligence Sharing and Protection Act (CISPA) and like all of these types of bills that have come through Congress, this bill only seems to protect businesses at the expense of people’s rights. It also gives more power to the Government to violate your 4th amendment rights in the name of “cybersecurity”. The White House has threatened to veto the law but now is the time to contact your Senator and tell them to say no to CISPA.
What is CISPA and why is it a bad law. Let the Electronic Frontier Foundation explain:
CISPA stands for The Cyber Intelligence Sharing and Protection Act, a network and Internet security bill written by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) (H.R. 624). The bill purports to allow companies and the federal government to share information to prevent or defend against network and other Internet attacks. However, the bill grants broad new powers, allowing companies to identify and obtain “threat information” by looking at your private information. It is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws.
CISPA allows a company to obtain and share “cyber threat information” if it has both a “cybersecurity purpose” and believes it is protecting its rights and property.
A “cybersecurity purpose” only means that a company has to think that a user is trying to harm its network. What does that mean, exactly? The definition is broad and vague. The definition allows purposes such as guarding against “improper” information modification, ensuring “timely” access to information or “preserving authorized restrictions on access…protecting…proprietary information” (i.e. DRM).
Even if the company violates your privacy beyond what CISPA would permit, the government does not have to notify the user whose information was improperly handed over—the government only notifies the company.
CISPA provides legal immunity to a company for many actions done to or with your private information, as long as the company acted in “good faith.” This is an extremely powerful immunity, because it is quite hard to show that a company did not act in good faith. These liability protections can cover actions the company uses to identify and obtain threat information and the subsequent sharing of that information with others—including the government. The immunity also covers “decisions made based on cyber threat information,” a dangerously vague provision that has never been defined.
The problem isn’t that it attempts to secure our computer networks. The problem is it is too vague and could be abused (and probably will be abused like The Digital Millennium Copyright Act is abused)
The US House passed the bill last Thursday (4/18) and it now moves to the Senate. Now is the time to stop the bill by contacting your Senators and asking them vote against this bad bill. The White House has threatened to veto the bill but we shouldn’t depend on that.
I contacted my Senator and got this e-mail reply:
Thank you for sharing your concerns with the government’s cyber security efforts and our First and Fourth Amendments.
While much has been done to protect our country from cyber terrorism, we still face significant vulnerabilities in critical infrastructure such as electronic banking, air traffic control, basic utilities, and telecommunications services.
The Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House of Representatives in April 2013, is designed to address the questions of sharing cyber threat intelligence. I have heard from some individuals concerned that cyber specific legislation could infringe on their civil liberties. Your concerns regarding the sharing of personal information between private companies and the federal government are worthy of close inspection. While I support efforts to protect our nation from terrorism, I agree that it is important that such efforts do not compromise our civil liberties and constitutional rights.
Should CISPA or related legislation come before the Senate for a vote, I will keep your views in mind. Thank you again for getting in touch with me.
United States Senator