New Cyber Security Bill, Old Privacy Problems
The Cyber Intelligence Sharing and Protection Act, or CISPA is on its way to the Senate this week. Supposedly aimed at help companies and government to work together to help fight cyber attacks, the bill poses some real threats to Americans’ Fourth Amendment privacy protections.
CISPA has a few main problems: it makes it way too easy for government agencies to put people they don’t like in prison; government agencies do a terrible job of keeping data secure, meaning CISPA has a good chance of actually making cyber attacks more likely and damaging; and data suggests that U.S. businesses would rather see the private sector develop cyber security solutions.
While the bill has many similarities to last year’s widely reviled SOPA, CISPA enjoys support from some of the same corporations who went black to protest SOPA, which has led to a much more muted response online. When AT&T, Comcast, Verizon and Tech policy group TechNet, whose members include Facebook and Google, all support CISPA, it makes it all the more difficult to mount the internet blackout Anonymous has called for. You can read a full list of CISPA’s supporters here.
One explanation for companies’ about face and support of CISPA is that it actually protects them from being sued. Under CISPA, they’re immune when they break their Terms of Service in order to give government agencies like the NSA their users’ private data, as long as the government says it’s for cyber security.
Yet even with this handout to tech companies, over 300 websites participated in a blackout Monday, the largest of which was Reddit.
These sites, as well as many individuals, are worried about CISPA because it, as Mediaite put it, “effectively creates a ‘cybersecurity’ loophole in all existing privacy laws.” It does this in two main ways. First, it gives government new powers to monitor and collect data without a warrant. Under CISPA, government agencies can collect, analyze and store information that is supposed to be private under existing Terms of Service on Facebook and Twitter. And they can do it with neither warrant nor warning. Then, as previously mentioned, it immunizes those companies against lawsuits for violating their Terms of Service.
So just how much data would CISPA give the government access to without a warrant? TechCrunch reports that Facebook has plans to build a billion-dollar data center that will cover “1.4 million square feet and serve as what the company says will be ‘the most advanced data center in the world.’” When you combine the fact that the average American commits 3 felonies a day with the once-unimaginable amounts of data law enforcement can troll through you begin to see that CISPA makes it extremely easy for law enforcement to find reasons to imprison unfavored but harmless citizens. Simply put, CISPA makes it much easier for government officials to find reasons to put people it doesn’t like in prison.
Another suboptimal aspect of CISPA is that, as Berin Szoka of TechFreedom and Ryan Radia of CEI explained for RedState.com, “CISPA’s blanket immunity discourages private companies from competing on, or innovating in, privacy protection.”
They go on:
More profoundly, CISPA’s immunity language—”notwithstanding any provision of law”—violates a basic principle of the rule of law in a free society: private companies and individuals should be free to form voluntary arrangements beyond the strictures of federal law. As Professor Richard Epstein argues, “the most ubiquitous legal safety hatch adds three words to the formal statement of any rule: unless otherwise agreed.” CISPA does just the opposite.
The Electronic Frontier Foundation has been a vocal critic of CISPA. On warrantless wiretapping, they wrote:
Early in his first presidential campaign, then-Senator Obama was a leading critic of giving telecom companies like AT&T immunity for breaking the law to assist in the government in warrantless wiretapping.
People concerned about privacy should not support the idea that telecom companies can enjoy immunity when they violate their Terms of Service to assist in the government in warrantless wiretapping.