Your “small government” lawmakers are at it again, passing laws in the U.S. House of Representatives that give the government — namely, agencies such as the Department of Homeland Security and the National Security Agency — the power to basically obliterate your privacy — in this case, via private businesses, namely large corporations. The good news is that President Obama has threatened to veto the Cyber Intelligence Sharing and Protection Act (CISPA) if it made its way through Congress, due to its vastly overreaching provisions. However, while he has come out against the House bill, what if the Senate tones things down a bit?
Last night, Republicans in the House passed CISPA, which was controversial to begin with, after adding even more amendments giving the government — and the military — access to private information that would be provided by private businesses. While it was designed to do away with some of the bureaucratic red tape involved in reporting and preventing threats that are internet-based, making it possible for companies to tell the government about such threats in a more streamlined manner, as well as share such information with each other (which, by itself, is a perfectly reasonable objective), CISPA goes further than that, especially when the companies that are the most vulnerable deal directly with the communications and privacy of regular people, civilians. However, CISPA could be interpreted in a way that would make it legal to share the private, personal communications of a business’s customers with the federal government.
While many businesses see CISPA as going too far, the following companies do not agree and endorsed the bill. Look out for a pattern of what these businesses are, well, in the business of:
… [M]any well known tech companies and trade associations also support the bill including AT&T, CTIA, Facebook, IBM, Intel, Microsoft, Oracle, Symantec, Verizon.
That list is from PC World, which also links to a more complete roster of CISPA supporters in the private sector. But yeah, look at that lineup: many of them with direct access to people’s private information (communications, passwords, banking information, etc.) that they want to be able to just hand over to the government if they “sense a threat.” Because what the House did right before passing CISPA last night was amend it to widen the scope of cyberthreats under this bill:
Previously, CISPA allowed the government to use information for “cybersecurity” or “national security” purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA [Computer Fraud and Abuse Act].
According to civil rights advocates, this basically amounts to a cyber version of a “Stand Your Ground Law,” giving companies the ability to form their own conclusions about a “perceived threat,” then send any information — without a person’s permission or knowledge — to the federal government and tell them they might be a cyber terrorist, child pornographer, stalker, intellectual property thief (hey, SOPA/PIPA, back from the dead, I see!), etc.
“CISPA goes too far for little reason,” said Michelle Richardson, ACLU legislative counsel. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”
Had the amendments lessened the scope of the bill, people might not be complaining, and the White House would not be threatening a veto. Obama’s advisors have urged him not to support CISPA, and he has come out as saying he will not let CISPA past his desk if it survives the House and Senate. Last night was the House vote, one day ahead of schedule. But will it even make it to the Senate floor, where there is a Democratic majority? There’s always a chance it could, and there’s always a chance that the Senate’s version of the bill — which was endorsed by the White House — might be less awful. Consider this: It’s an election year. Members of the House and Senate, as well as the president, are up for re-election, and they’d like to win, which means people need to try to like (or at least tolerate in the face of a worse alternative) what they’re doing while they’re currently in office. The last time we dealt with a controversial bill involving the internet, everyone protested, loudly, and the bill died. I’d say that we’re most likely safe from CISPA, at least in this form.
There is no doubt that cyber threats need to be taken seriously, and businesses that deal with telecommunications certainly would see their share of threats. They might even be our first line of defense in the private sector. But when does it cross the line from protecting the public to becoming a witch hunt?