COME TOGETHER TO STOP CISPA!
WHAT IS CISPA?
The Cyber Intelligence Sharing and Protection Act (H.R. 3523) is a bill introduced in the United States House of Representatives by Reps. Mike Rogers (D-MI) and C.A. “Dutch” Ruppersberger (D-MD) in late 2011. It amends the National Security Act of 1947 to allow private companies and US government intelligence agencies to share information regarding perceived cyber threats.
WHAT IS WRONG WITH CISPA?
1. CISPA’s language, particularly in reference to how it defines “cyber threat,” is far too broad.
The bill’s definition of a “cyber threat” is so vague that it may potentially allow CISPA to encompass a far broader range of targets and data than initially contemplated by its authors. “Cyber threat” is a critical term in the bill, and is defined therein as:
…information directly pertaining to a vulnerability of, or threat to a system of network of a government or private entity, including information pertaining to the protection of a system or network from —
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
Under this overly broad, vague definition, whistleblowers and leakers such as Wikileaks, tech blogs carrying the latest rumours and gossip from companies, news and media sites publishing investigations, security researchers and whitehat pen testers, torrent sites (including our beloved Pirate Bay), and of course, yours truly, Anonymous, would all be ripe targets.
Additionally, as the Electronic Frontier Foundation (EFF) notes, CISPA’s broad definition of “cybersecurity” is so vague that it leaves open the door “to censor any speech that a company believes would ‘degrade the network.’” Going one step further, the bill’s inclusion of “intellectual property” provides for the strong possibility that both private companies and the federal government will likely be granted “new powers to monitor and censor communications for copyright infringement.” (Full EFF letter here)
2. CISPA demonstrates a complete disregard for reasonable expectations of privacy protection and essential liberties by providing for unaccountable sharing of user data.
As laid out, CISPA allows a large, nearly unchecked quantity of any and all information on a target to be obtained and shared between private companies and government agencies. The bill’s text states, “Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes…share such cyber threat information with any other entity, including the Federal Government.”
Why is this problematic? As it stands, CISPA’s text allows for a slippery slope of information and data that could be shared amongst private companies and the federal government without any regard for a target’s personal privacy protections. Such information could very well include account names and passwords, histories, message content, and other information not currently available to agencies under federal wiretap laws.
In a position letter addressed to Congress on 17 April 2012, CISPA critics point out:
CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-‐crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s ‘information sharing’ regime allows the transfer of vast amounts of data, including sensitive information like internet use history or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command.
3. The broad language in CISPA provides for the uncertain future expansion of federal government powers and a slippery slope of cybersecurity warrantless wiretapping.
Of particular concern is the word “notwithstanding,” which is a dangerously broad word when included in legislation. The use of “notwithstanding” will allow CISPA to apply far beyond the stated intentions of its authors. It is clear that the word was purposefully included (and kept throughout rewrites) by the bill’s authors to allow CISPA to supersede and trump all existing federal and state civil and criminal laws, including laws that safeguard privacy and personal rights.
The fact that the sponsors and authors of CISPA claim that they have no intentions to use the overly broad language of the bill to obtain unprecedented amounts of information on citizens should be of little comfort to a concerned onlooker. As it stands, if CISPA passes in Congress and is signed into law by the President, its broad language WILL be law of the land and WILL be available for use by agencies and companies as desired. Why should our only protection against rampant cyber-spying be us trusting the government or companies NOT to take CISPA over the line of acceptable (if any) data collection?
WOW, CISPA SUCKS! HOW CAN I HELP STOP IT?
Below are some various ways that YOU can get involved in the online and real world struggles against CISPA. It will take all of us to stop this bill, but we did it before with SOPA, PIPA, and [hopefully] ACTA, and we’re confident that it can be done once more with CISPA. The voice of the People WILL be heard loud and clear, and you can help because your voice matters. It’s time to stand up for your rights because, in the end, who else will? Internet, unite!
I WANT TO LEARN EVEN MORE ABOUT CISPA! TELL ME MORE!
Ok…clearly you like reading and knowing the issues thoroughly. We’re proud of your dedication and passion to better educating yourself and others about this concerning bill. Below are additional helpful resources that you can check out to get an even better understanding of CISPA and how it will affect the world of tomorrow should it pass and become law.
NOTE: Even Obama seems to dislike CISPA — On 17 April 2012, the White House issued a statement criticising CISPA for lacking strong privacy protections and failing to set forth basic security standards.