It's sad but not surprising to see that the successor to SOPA, the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 3523), is gaining support in the House of Representatives and seems likely to pass there. I had little doubt this would happen, but the quickness with which Congress has jumped from SOPA to CISPA is alarming. It's also insulting, but that's definitely not surprising.
As usual, the Electronic Frontier Foundation explains why this bill is a dangerous threat to privacy and why everyone should oppose it (everyone who isn't a large company in bed with the government, that is).
The bill purports to allow companies and the federal government to share information to prevent or defend from cyberattacks. However, the bill expressly authorizes monitoring of our private communications, and is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws.
Under CISPA, any company can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company. This phrase is being interpreted to mean monitoring your communications—including the contents of email or private messages on Facebook.
Right now, well-established laws, like the Wiretap Act and the Electronic Communications Privacy Act, prevent companies from routinely monitoring your private communications. Communications service providers may only engage in reasonable monitoring that balances the providers' needs to protect their rights and property with their subscribers' right to privacy in their communications. And these laws expressly allow lawsuits against companies that go too far. CISPA destroys these protections by declaring that any provision in CISPA is effective “notwithstanding any other law” and by creating a broad immunity for companies against both civil and criminal liability. This means companies can bypass all existing laws, as long as they claim a vague “cybersecurity” purpose.
CISPA has such an expansive definition of "cybersecurity threat information" that many ordinary activities could qualify. CISPA is not specific, but similar definitions in two Senate bills provide clues as to what these activities could be. Basic privacy practices that EFF recommends—like using an anonymizing service like Tor or even encrypting your emails—could be considered an indicator of a “threat” under the Senate bills.
After collecting your communications, companies can then voluntarily hand them over to the government with no warrant or judicial oversight whatsoever as long is the communications have what the companies interpret to be “cyber threat information” in them.
I suppose President Obama should be lauded for criticizing the bill, assuming this means he also will veto it when it passes. But the practice of violating the civil liberties of uncharged Americans without any trial, hearing, or other due process is par for the course for the Obama administration, so any opposition Obama registered on Constitutional grounds would understandably sound hollow.
would trump wiretap laws, Web companies' privacy policies, gun laws, educational record laws, census data, medical records, and other statutes that protect information....
Beadon presents a scenario I haven't read about elsewhere:
Government networks are protected by a network security system called Einstein, which is being steadily expanded to do things like analyze the content of communications. Such software meets all the criteria of a "cybersecurity system" under CISPA, and there is serious concern that the bill would permit the government to offer Einstein or a similar system to private cybersecurity companies. By CISPA's definitions, everything collected by such a system would qualify as "cyber threat information" and thus be open game for sharing with the government—and nothing in the bill would prevent these private systems from being connected live to government databases, effectively uniting them with the government's own security network.
McCullagh also notes that CISPA authors Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) cite cybersecurity threats from Russia and China as a major impetus for the bill. Rogers and Ruppersberger, of course, claim that CISPA actually "protects privacy by prohibiting the government from requiring private sector entities to provide information." I don't buy it for one minute, and neither should you. How many imagined, overblown, or manufactured threats from abroad have been invoked to justify encroachments of liberty by governments throughout history? How many measures did those governments take in the name of protecting and helping their citizens, only to prove that those were so many empty promises at first chance? When the government comes to help, we should fight it back with all we've got.
The internet and all its freedom of exchange, communication, and association are the least regulated domains of our lives, so it isn't surprising that the parasites in big government and big business see them as prime targets for overdue legislation. Our currency, our schools, our business, our labor, our agriculture, our health care, and now our private online communications—all restricted and regulated and controlled by a professional criminal class that invokes the public good in order to attack it, that promises to protect our rights so that it may violate them.
I don’t think it will last long, unfortunately. Our ardor and stamina in defending our rights just don’t exist. Our quality of life will have to be severely, immediately, and clearly impacted by a law for widespread protests and backlash to defend us against our corrupt political system for long. There will be another SOPA/PIPA, and it will pass the House and Senate and be signed by the president, probably President Obama. It won’t be egregious and alarming to most people, but it will be bad enough. Liberal and conservative voters will pat themselves on the back for being reasonable, realistic, and bi-partisan and defending themselves against the horror of SOPA, and the professional criminal class will chuckle to themselves saying, “Stupid, gullible SOPA protesters. That’ll teach ’em what standing up to our authority will get them.”