CISPA will be watching you…
The Cyber Intelligence Sharing and Protection Act (H.R. 3523), also known as CISPA, is the new threat to online freedoms. As with SOPA and PIPA, the Internet will rally together to voice its concerns, speak its mind, and try to convince lawmakers this is a terrible idea.
However, I have a bad feeling about this particular bill.
What Is CISPA And How It Differs From SOPA and PIPA
If you didn’t hear about CISPA from this blog post first, you’ve probably seen reports of CISPA being the new SOPA/PIPA. While the goal of the bill is to give better security against cyber terrorists similar to SOPA/PIPA, CISPA is a little shorter in definition and its means to get to its end are vague.
SOPA, the Stop Online Piracy Act, was a bill discussed in the House of Representatives designed to target the transferring of copyright-protected material online. If you had an infringing site, the three main functions of SOPA were to block all advertising revenue streams to the site provider, have search engines block search results for the infringing site, and request all ISPs to block access to the domain name of the site. Besides being a technical failure—you could still view blocked websites via IP addresses—it threatened the way big online companies and social networks run. Imagine a court order to block, hide links to, and cut all advertising funding to Facebook because of a portion of users sharing illegal content. It just didn’t make sense.
PIPA, The PROTECT-IP Act, was the Senate equivalent of the SOPA bill. This one focused more on giving copyright holders tools from the government to block access to infringing sites, which was promoted as a way to combat overseas websites that the US could not simply shut down.
Both SOPA and PIPA were shelved. Keep in mind, they are not dead. They could easily come back in another form if ignored too long.
CISPA, however, is different.
CISPA is designed to allow companies and groups to share information and communications about, from, and to you with the government. All the government has to do is ask. No court orders, no subpoenas. Just requesting their information on who they suspect could be involved in any sort of Internet crime.
The CISPA Breakdown
You can view the full text of the CISPA bill here and give it a good read. It’s short, which is part of the problem.
The full title of CISPA is as follows:
“To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.”
There are two major things about this description that will open the flood gates of privacy issues if CISPA passes.
First, there’s the definition of “cyber threat intelligence”:
(2) CYBER THREAT INTELLIGENCE- The term ‘cyber threat intelligence’ means information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from–
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
Item A covers cyber terrorist attacks, from something as big as a system-wide hack to something as small as participating in a DDoS attack.
Item B covers the three big things CISPA will go after you for having, or for being associated with individuals in possession of: private or government information (like Wikileaks), intellectual property (copyright or trademark infringement, piracy), and personally identifiable information (identity theft).
Second, there’s the addition at the end of the initial description of CISPA’s title, “…and for other purposes.” That phrase is, of course, not defined in the bill. What are CISPA’s limitations on “other purposes”? ID Approvals? Background checks? Determining federal loans?
Imagine the freedom of being able to monitor anyone you want through any method—Twitter archives, Facebook wall posts and personal messages, Gmail and other email services, text messages and voice calls—without being bothered by our legal system to investigate.
This sounds like a great idea in theory when it comes to tracking real cyber criminals, but as the whole LulzSec story with Sabu and the FBI has taught us, our government really has no problem finding US-based cyber criminals. Remember: You don’t need to be a cyber criminal for them to monitor you. All they need is a reason—any reason—to monitor you, and CISPA will allow them to do so. For example, if your significant other likes to do a good share of BitTorrenting and the government decides they want to monitor them online, there’s a very good chance your personal activity will be monitored as well.
So, who is really benefiting from CISPA? Companies? The Government?
The sad reality: it’s both.
The Main Difference (And The Greatest Threat)
When SOPA and PIPA were in discussions, the Internet had a large, collective voice. Even though it was loud enough for every news outlet to repeat our cries, it wasn’t us who silenced the bills. Instead, it was the companies against both bills.
With corporations such as the MPAA and the RIAA spending millions lobbying for the bills, it’s practically impossible for the everyman to persuade politicians to change their minds. As The Verge mentioned in a post at the time:
“Congress is a game, and anyone who wants to get something done in government plays. Those who don’t play never accomplish anything. It’s a game of reputation, relationships, back-room deals, and big money.”
So, for SOPA and PIPA to end, many companies with big voices (and bigger wallets) that opposed both bills started to lobby too. Eventually, it worked. The media can say that disagreements over the bills caused their shelving, but the truth is in the payouts.
This time around, the big players are not on our side. Companies like Facebook, AT&T, Verizon, Microsoft, Intel, and many others have already shown their support (and their letters are available to read online). UPDATE 3.19.2013 — Not anymore. Anyone surprised by this?
But why? Knowing the outcry over SOPA and PIPA from before, why would these companies want to support something that’s clearly a violation of our privacy?
They see CISPA as a way to avoid any legal repercussions:
(3) EXEMPTION FROM LIABILITY- No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith–
(A) for using cybersecurity systems or sharing information in accordance with this section; or
(B) for not acting on information obtained or shared in accordance with this section.
As long as these companies give a user’s private information when asked, they can share their findings with other companies and organizations and are protected from legal action.
And that’s absolutely terrifying.
There May Be No Blackout This Time
Since many big players have been or will be supporting this bill, it’s unlikely that they will be setting up mass online blackouts like last time around. Some of our biggest supporters will remain silent.
“Effective security requires private and public sector cooperation, and successful cooperation necessitates information sharing. Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users.”
– Joel Kaplan, V.P. of U.S. Public Policy, Facebook
It’s obvious that some of these companies don’t understand the “expectations of [their] users” when it comes to privacy.
If CISPA passes, online privacy will no longer exist. Allowing this bill will begin a storm of other government monitoring bills to come down the Hill. Don’t think it’ll stop at online monitoring.
If they can allow a bill as vague in definition as this, then we have reached the end of all our privacy freedoms. Soon, Big Brother will be more of a reality than ever imagined by George Orwell.
This time, we’re on our own, and I fear that it won’t be enough.
If you haven’t already contacted your local representatives, I suggest you do so. Tell them what you’ve learned about CISPA. Tell them we need help stopping this.
Share this post. Spread the word.
UPDATE 3.19.2013 — CISPA’s back in Congress and things are going to get ugly. Learn more about how you can stop it from passing and protect your privacy online.