Bill’s focus on cybersecurity still calls privacy into question
The fate of the Cyber Intelligence Sharing and Protection Act of 2011 might be decided this week as the bill makes its rounds through the Senate. The bill, which passed the U.S. House of Representatives on Thursday, April 26, is meant “to provide for the sharing of certain cyber intelligence and cyber threat information between the intelligence community and cyber security entities, and for other purposes,” according to the House Permanent Select Committee on Intelligence website.
On Monday, May 21, Oregon Sen. Ron Wyden gave a 12-minute speech in the Senate arguing against the passing of CISPA, saying, “CISPA is an example of what not to do. It creates a surveillance regime in place of a targeted, nimble cybersecurity program that is needed to truly protect our nation.”
“[CISPA] would allow law enforcement agencies to mine Internet users’ personal data for evidence of acts entirely unrelated to cybersecurity,” Wyden said. “More than that, they would allow law enforcement to look for evidence of future crimes, opening the door to a dystopian world where law enforcement evaluates your Internet activity for the potential that you might commit a crime,” he added.
Wyden’s sentiment of a big-brother regime echoed that of Rep. Hank Johnson (D-Ga.), who, on April 27, posted on his Facebook: “I voted no on CISPA,” further reiterating a statement he made during the House vote, wherein he referenced George Orwell’s famous novel 1984. “I know it’s 2012, but it feels like 1984 in the House today,” he said.
“The stated purpose of the bill is to try to give the government some tools for identifying and addressing threats in cybercrime, which they define as trying to essentially destroy a network or a system. Or disrupt it. Or stealing information: electrical property and person-identifiable information,” said Portland State Assistant Professor of political science Chris Shortell.
Shortell said the idea of stealing information raises the most concern for those opposing the bill. “The concern is that this gives government greater powers, as SOPA would have, to pursue those who are engaging in file sharing and things like that,” she said.
SOPA, or the Stop Online Piracy Act, failed to pass in Congress and led to an Internet blackout on Jan. 18. Wikipedia, Reddit and thousands of other websites shut down in protest of the bill.
With SOPA, the widespread opposition played a large role in the bill’s failure. But that’s not the case for CISPA. Though there are a number of advocate groups against the bill, there are fewer major corporations opposing the bill.
“No major technology corporations have stepped up against CISPA the way Facebook, Reddit and Wikipedia did against SOPA,” Dan Rowinski said in an article published April 26 on readwriteweb.com. “Because of the lack of business opposition, CISPA has been a much lower-profile bill, and members of Congress have not faced grassroots pressure to vote against it.”
In fact, Facebook seems to be in favor of CISPA. A letter titled “A Message about CISPA,” posted by Facebook Vice President of U.S. Public Policy Joel Kaplan, describes a situation where CISPA is extremely beneficial. “When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack,” Kaplan wrote.
However, many people who oppose CISPA are mainly concerned with the lack of privacy rights for individuals.
“Privacy in the cybersecurity arena should be the default, not the exception,” Wyden said in his speech. “The [online] content that Americans consume must be at least as private as their library records, their video rentals and book purchases in the brick-and-mortar world. Our law enforcement and intelligence agencies should not be free to monitor and catalogue the speech of Americans just because it’s online,” he said.
Because of privacy rights concerns, there have been many suggestions to make various amendments that will help protect those rights.
“Most recent amendments to the bill have tried to refocus the bill or clarify that the focus is more on certain network safety and protection and the stealing of information—like corporate secrets and government information,” Shortell said.
Since CISPA focuses on preventing cyber threats and sharing cyber threat information, “there is nothing particular about the bill that would make an effect on PSU students,” Shortell said. But for the U.S. in general, “it really depends on how it’s put into practice. It depends on whether the provisions that are added to the bill are enough to prevent government agencies from using them to access information in general,” he added.
Shortell believes that if enough amendments were made, the act could be beneficial. “There is no doubt that there are concerns and that cyber crime could be a problem. But the question is always going to be whether there is adequate protection for privacy rights,” Shortell said.
Because of the amount of proposed amendments, CISPA’s authors, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), and sponsors are feeling the political pressure to accept them. “They are trying to include more restrictions and privacy protections while still getting at the very real public policy problems presented by cyber crime,” Shortell said.
“The White House has come out in opposition to the bill as it stands right now,” Shortell said. President Obama has issued notice that he would veto CISPA should it pass Congress.
