CISPA: Cybersecurity That Leaves Us All Unsecure

Here we go again with the right to internet privacy and security for the individual being threatened by the government on behalf of corporations. On November 11 last year, the Cyber Intelligence Sharing and Protection Act was introduced in the House by U.S. Representative Michael Rogers (R-MI) and 111 co-sponsors. The bills supposed purpose would allow the voluntary sharing of attack and threat information between the U.S. government and security cleared technology and manufacturing companies to ensure the security of networks against patterns of attack.

What does that mean, you ask? Well, as Rep. Ron Paul (R-TX) explains the bill would allow “both the federal government and private companies to view your private online communications without judicial oversight provided that they do so of course in the name of cyber-security.” Paul calls the CISPA the new SOPA:

CISPA represents an alarming form of corporatism, as it further intertwines government with companies like Google and Facebook. It permits them to hand over your private communications to government officials without a warrant, circumventing well-established federal laws like the Wiretap Act and the Electronic Communications Privacy Act. It also grants them broad immunity from lawsuits for doing so, leaving you without recourse for invasions of privacy. Simply put, CISPA encourages some of our most successful internet companies to act as government spies, sowing distrust of social media and chilling communication in one segment of the world economy where America still leads.

Proponents of CISPA may be well-intentioned, but they unquestionably are leading us toward a national security state rather than a free constitutional republic. Imagine having government-approved employees embedded at Facebook, complete with federal security clearances, serving as conduits for secret information about their American customers. If you believe in privacy and free markets, you should be deeply concerned about the proposed marriage of government intelligence gathering with private, profit-seeking companies. CISPA is Big Brother writ large, putting the resources of private industry to work for the nefarious purpose of spying on the American people. We can only hope the public responds to CISPA as it did to SOPA back in January. I urge you to learn more about the bill by reading a synopsis provided by the Electronic Frontier Foundation on their website at eff.org. I also urge you to call your federal Senators and Representatives and urge them to oppose CISPA and similar bills that attack internet freedom.

This is CISPA (pdf):

  • CISPA could allow any private company to share vast amounts of sensitive, private data about its customers with the government.
  • CISPA would override all other federal and state privacy laws, and allow a private company to share nearly anything-from the contents of private emails and Internet browsing history to medical, educational and financial records-as long as it “directly pertains to” a “cyber threat,” which is broadly defined.
  • CISPA does not require that data shared with the government be stripped of unnecessary personally-identifiable information. A private company may choose to anonymize the data it shares with the government. However, there is no requirement that it does so-even when personally-identifiable information is unnecessary for cybersecurity measures. For example, emails could be shared with the full names of their authors and recipients. A company could decide to leave the names of its customers in the data it shares with the government merely because it does not want to incur the expense of deleting them. This is contrary to the recommendations of the House Republican Cybersecurity Task Force and other bills to authorize information sharing, which require companies to make a reasonable effort to minimize the sharing of personally-identifiable information.
  • CISPA would allow the government to use collected private information for reasons other than cybersecurity. The government could use any information it receives for “any lawful purpose” besides “regulatory purposes,” so long as the same use can also be justified by cybersecurity or the protection of national security. This would provide no meaningful limit-a government official could easily create a connection to “national security” to justify nearly any type of investigation.
  • CISPA would give Internet Service Providers free rein to monitor the private communications and activities of users on their networks. ISPs would have wide latitude to do anything that can be construed as part of a “cybersecurity system,” regardless of any other privacy or telecommunications law.
  • CISPA would empower the military and the National Security Agency (NSA) to collect information about domestic Internet users. Other information sharing bills would direct private information from domestic sources to civilian agencies, such as the Department of Homeland Security. CISPA contains no such limitation. Instead, the Department of Defense and the NSA could solicit and receive information directly from American companies, about users and systems inside the United States.
  • CISPA places too much faith in private companies, to safeguard their most sensitive customer data from government intrusion. While information sharing would be voluntary under CISPA, the government has a variety of ways to pressure private companies to share large volumes of customer information. With complete legal immunity, private companies have few clear incentives to resist such pressure. There is also no requirement that companies ever tell their customers what they have shared with the government, either before or after the fact. As informed consumers, Americans expect technology companies to have clear privacy policies, telling us exactly how and when the company will use and share our personal data, so that we can make informed choices about which companies have earned our trust and deserve our business.
  • On Wednesday the White House Office of Management and Budget issues a lengthy statement in opposition to CISPA and a threat to veto the bill:

  • “H.R. 3523 fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards. […]”
  • “The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes. […]”
  • It would “inappropriately shield companies from any suits where a company’s actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life. […]”
  • And finally, it “effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. […]”
  • “If H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill,” OMB
  • said.

    h/t to Joan McCarter at Daily Kos for the summery

    We at The Stars Hollow Gazette and Docudharma strongly oppose CISPA and urge you to contact your Congress person:

    Tell Congress: Keep My Inbox Away From the Government

    and to sign the petition:

    Stop CISPA

    3 comments

      • on 04/26/2012 at 16:07
        Author
      • on 04/27/2012 at 16:35

      Chairman of the Democratic Congressional Campaign Committee, voted for CISPA, along with 41 Democrats, including Rep. Clyburn.

    Comments have been disabled.