Latest Cybersecurity Bill Even More Of A Concern Than Last Attempt
If you thought SOPA/PIPA were bad, wait till you see CISPA
(ABC News) Congress is set to act on cybersecurity legislation that has been making its way through committees in both chambers for several years. The House is set to vote on these bills during the week of April 23, dubbed “Cybersecurity Week.” The Senate will take action soon after.
A lot of important work has gone into these bills that are intended to strengthen both the government and civilian response to cyber threats. Yet parts of these bills are alarming because, if passed, any information we put online–work, play, personal and sensitive–could be put at risk.
Thoughtful policy can help harden critical infrastructure targets–such as the electric grid, nuclear power plants, and communication networks–against unauthorized intrusions, making the Internet a safer place for all. But if Congress does not step up to make important changes in these bills, we may face an epic loss of our civil liberties.
What is this bill?
(RT) H.R. 3523, a piece of legislation dubbed the Cyber Intelligence Sharing and Protection Act (or CISPA for short), has been created under the guise of being a necessary implement in America’s war against cyberattacks. But the vague verbiage contained within the pages of the paper could allow Congress to circumvent existing exemptions to online privacy laws and essentially monitor, censor and stop any online communication that it considers disruptive to the government or private parties. Critics have already come after CISPA for the capabilities that it will give to seemingly any federal entity that claims it is threatened by online interactions, but unlike the Stop Online Piracy Act and the Protect IP Acts that were discarded on the Capitol Building floor after incredibly successful online campaigns to crush them, widespread recognition of what the latest would-be law will do has yet to surface to the same degree.
The main purpose of CISPA is to protect American intellectual property from state-sponsored digital theft of intellectual property, a worthy notion. And, we learn from PC Magazine
….. the broad language means there is no explicit restriction about the type of information being shared between government and companies, so long as it could somehow be linked to cyber-threats. That’s very worrisome on privacy grounds, since it makes it easier for companies to hand over any information the government asks for and not worry about getting sued by irate users.
Back to the ABC article
Why should companies participate in the “voluntary sharing” the Rogers bill authorizes? The quid pro quo may be irresistible: more useful cybersecurity information from the government and other companies and broad immunity from lawsuits in exchange for sharing. In contrast to the Lungren bill, there are no data restrictions to stumble over and few discernable brakes on the system. When the NSA comes calling with its Easter basket full of goodies, in the form of needed expertise and knowledge of global cyber threats, there will be powerful incentives for industry to return the favor.
Which is why, unlike with SOPA/PIPA, companies are not jumping on the bandwagon in opposing CISPA.
And under Rogers, once your personal information is in the hands of the government, all bets are off. It can be used for any national security purpose, including to track patterns of communications to decide whether to seek authorization to wiretap you. In can be used to prosecute you for any crime, provided an intelligence agency also finds at least a significant national security or cyber security purpose for the information. Lungren by contrast limits sharing to cybersecurity purposes including related law enforcement.
All the Central Government has to due is proclaim that you might possibly sorta maybe just wondering if you could be a threat, and they can get all your online personal information easy peasy. To wrap up, the Center For Democracy and Technology describes it thusly
- The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;
- The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;
- It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;
- Once the information is shared with the government, it wouldn’t have to be used for cybesecurity, but could instead be used for any purpose that is not specifically prohibited.
See the full list of CISPA co-sponsors here. See a complete list of companies and groups that support CISPA here, which includes IBM, AT&T, Facebook, and Verizon. Contact your Congress critter and tell them “hell no!” Tweet it. This short little law, only 13 pages, is too vague, and, will certainly interfere even more with our civil liberties and privacy. It’s not a Democrat/Republican issue, nor a Liberal/Conservative issue, it is a people vs the government issue.