Will CISPA Let the Government Spy on You?
You may remember back in January when countless sites across the Web, including Internet giants Google, Wikipedia, Mozilla, Reddit and WordPress, voiced their opposition to the SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act) with blackouts and messages urging users to tell congress vote against these bills.
While the bills were designed to help shut down overseas websites that traffic in pirated and counterfeit goods, opponents claimed that these bills were too broadly written and could be used to hurt legitimate websites, stifle innovation on the Web, suppress free speech and create a wall between the U.S. and the rest of the world.
SOPA and PIPA were stopped largely because of the uproar put up by privacy groups, technology companies and regular people.
But now, the issue of privacy has sprouted up again—this time in conjunction with a bill called the Cyber Intelligence Sharing and Protection Act, or CISPA, which passed through the House last week and now will be heard by the Senate.
The bill was introduced by U.S. Representative Michael Rogers (R-MI) and aims to protect American government agencies, companies and individuals from cyber attacks, particularly those coming from countries such as China, Russia and Iran.
While that sounds all well and good, the way the bill is worded it would allow companies like Facebook and Google to send personal user information to the government that could be used to look for suspicious activity. So imagine you’re doing research or you’re just curious and you watch a video on YouTube or buy a book at Amazon about Islamic terrorism and the principle of Jihad. Does doing so put you on a watch list for terror suspects?
According to Rainey Reitman, activism director for the Electronic Frontier Foundation, CISPA is a civil liberties nightmare.
“The biggest problem with this bill is the drafting that includes language that, notwithstanding any other law, lets companies disregard long-held balanced privacy laws that were put in place to protect the privacy of Internet users,” she told Techlicious.
“When we create a situation that lets companies completely disregard those laws and creates no incentives for them to protect individual privacy, we’re left with a situation where the government has this back door wire tap, a mechanism for collecting information on individual Internet users without ever having to go to a judge. That is the major concern that civil liberties groups have been voicing for some time now and which Republicans in the House just did not want to hear,” she said.
Even so, many companies support CISPA. The reason? They want to be better informed about security threats.
CISPA proponents such as Dean Garfield, president and CEO of the Information Technology Industry Council, says nearly all of the data breaches that take place on the Internet are breaches of people’s personal information, and that CISPA would actually protect people’s personal data.
He also maintains that CISPA doesn’t mandate that companies give the government information, but that doing so is voluntary.
Reitman and Garfield debated the issue last week on a San Francisco radio show that you can hear here.
As for the future of CISPA, the bill will be picked up in the Senate sometime in May, although what will likely be heard first is a bill cosponsored by Senators Joseph Lieberman (I) of Connecticut and Susan Collins (R) of Maine and backed by the Obama administration; it supports evading and mitigating cyber threats by putting security mandates on utilities such as nuclear power plants.
The EFF’s Reitman worries that if the Lieberman-Collins bill passes in the Senate and the House has passed CISPA, what may eventually result is hybrid legislation that includes the worst aspects of CISPA.
“It is vital that between now and the votes taking place on Lieberman-Collins as many people come forward as possible and speak out about the civil liberties issues,” Reitman says.
The Senate is currently on recess but will resume May 7.