CISPA passes the House; epic privacy battle moves to the Senate
If you’re not familiar with “Washingtonspeak” – that odd, unique variance of the English language in which words don’t really mean what they are supposed to mean – you might not know that the lawmakers who wrote the new Cyber Intelligence Sharing and Protection Act (CISPA) aren’t really too concerned about the protection aspect of the legislation, at least as it applies to the general public’s concern about privacy.
Yes, the word “protection” is in the title, but a closer examination of the language of the bill, as well as its intent, by those who know how things works on Capitol Hill, find that the only “protection” the bill offers is that afforded the federal government.
According to a summary of the bill by the Congressional Research Service, the legislation amends “the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing.” In particular, cyber threat intelligence is defined “as information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity […]”
What that means, essentially, is that it will be easier for the government and the private sector to share information about cyber threats, which, truthfully, is a major emerging national security problem.
Making conditions ripe for privacy violations – again
Trouble is, according to groups opposed to CISPA, once again citizens’ privacy concerns are taking a back seat in this Information Age. And that could be one reason why the White House has threatened to veto it, should CISPA pass the Senate.
On the one hand, business groups say the bill is necessary to make it easier for companies in the private sector to share potential cyber threat information with government security elements such as the National Security Agency.
On the other, groups like the American Civil Liberties Union (ACLU) and the Center for Democracy and Technology (CDT) think the law will be used as yet another tool to violate privacy rights.
The CDT, which initially backed the legislation, pulled its support after becoming “disappointed that CISPA passed the House in such flawed form and under such a flawed process.” The group said its biggest concern was that the law, as it is now written, would allow information to move “from the private sector directly to the NSA.” The bill also inappropriately allows information to be applied to national security issues other than just cyber security – and therein lies the problem.
“CISPA goes too far for little reason,” says ACLU legislative counsel Michelle Richardson, according to the Washington Post. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”
CISPA: Bypassing privacy on weakest of excuses
The impetus of the legislation – to protect U.S. infrastructure, which is run by computer – from attack is as noble as it is necessary in these digital times. Cyber attacks on the U.S. have been mounting quickly, especially against U.S. military, industrial and corporate targets. But as usual, critics point out that the legislation isn’t what it appears to be.
“I do think there is a need for companies to get more information from the government in a timely fashion. The problem that arises with CISPA is that it does so much more than that,” says Rainey Reitman, activism director for the Electronic Frontier Foundation.
“It also opens the floodgates for companies to intercept communications of everyday Internet users and pass unredacted personal information to the governments,” she added.
CISPA would let companies essentially bypass current privacy laws “and pass citizens’ personal data to the government even if there’s a weak excuse that the information is related to cyber security purposes,” says a report by PC World.
“The government in return has said that if they get information that’s unrelated to cyber security they ‘may’ – don’t have to, but may choose to – remove some of the implications toward civil liberties. But they don’t have to and there’s no real guidelines on what they would have to do about it,” Reitman said.
Protecting the country from cyber attacks is imperative. Some say the cyber-equivalent of a Pearl Harbor-style attack is on the horizon.
Fine – let’s protect our electronic and digital infrastructure. But for once, let’s not trample the constitutional rights of our citizens in the process.