Daisy Luther Blog | Apr. 9, 2012
Once upon a time there was a bill called SOPA. Some evil trolls who worked and conducted meetings in a big domed building in Washington DC tried to make a wicked law to allow them to close people's internet-based businesses and websites whenever they wanted, for the silliest of reasons, much to the delight of the head ogre who lived in a big White House. The people of the land all stood up angrily and complained to fight against the law, and through their efforts, defeated the trolls and the head ogre. The laws of the internet remained fair, the trolls were duly chastened, the ogre pretended benevolence and the people lived happily ever after, internet freedoms intact.....
Well.....until the dragon CISPA reared it's ugly head.
As we predicted here, the government has been busily creating a law to "protect" us from cyber-attacks like the one recently threatened by Anonymous.
The stated purpose of CISPA is "To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes."
(Personally, my favorite line in that statement is "and for other purposes." It sets the ambiguous tone for the rest of the bill.)
The outrages that are blatantly laid out in CISPA (The Cyber Intelligence Sharing and Protection Act) are bad enough, but the vagueness of the language takes the intrusion to a level previously unheard of in a country born of the blood of Patriots and allegedly protected by the Constitution.
CISPA allows "cyber entities" (internet service providers, social networks and cell phone companies, to name a few examples) to circumvent internet privacy laws. In an interview with Russia Today, Kendall Burman of the Center for Democracy and Technology stated that, "the bill, as written, allows the US government to involve itself into any online correspondence... if it believes there is reason to suspect cyber crime.
As with other authoritarian attempts at censorship that have come through Congress in recent times, of course, the wording within the CISPA allows for the government to interpret the law in such a number of degrees that any online communication or interaction could be suspect and thus unknowingly monitored."
The Electronic Frontier Foundation, a digital rights advocacy group, states, "It effectively creates a ‘cybersecurity'’ exemption to all existing laws...There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by ‘cybersecurity purposes."
In the spirit of making things clear, the bill contains several definitions that only add to the general air of vagueness.
CYBER THREAT INTELLIGENCE ~ "information pertaining to protecting a system or network from—(A) efforts to degrade, disrupt, or destroy such system or network; or (B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information."
SELF-PROTECTED ENTITY ~ "an entity, other than an individual, that provides goods or services for cyber security purposes to itself."
PROTECTED ENTITY ~ "‘protected entity’ means an entity, other than an individual, that contracts with a cybersecurity provider for goods or services to be used for cybersecurity purposes."
"Cybersecurity" is not defined in the document.
So it's clear, CISPA will allow for the surveillance and interception of your personal correspondence by the government, email providers, cell phone providers, internet service providers and social networks, to name just a few of the allowable snoopers.
Despite the fact that the bill specifically states that entities cannot use the powers granted "to gain an unfair competitive advantage" one must wonder how a profit can be made via CISPA, especially after the corporate outcry against SOPA, which would have greatly restricted the activities of computer and communications companies. Companies like Facebook, AT&T and Verizon have jumped on the CISPA bandwagon with both feet.
In a letter to Congress, Facebook VP Joel Kaplan wrote, "Your thoughtful bipartisan approach will enhance the ability of companies like Facebook to address cyberthreats.....Your legislation removes burdensome rules that can currently inhibit protection of the cyber-ecosystem."
Fred Humphries, a Microsoft VP commended Congress in a statement. "The legislation would seek to eliminate barriers and disincentives that currently prevent effective information-sharing to guard against cyber-attacks."
The United States Chamber of Commerce VP Bruce Josten stated the group's support of CISPA as "an important step in assisting the nation’s public and private sectors to prevent, deter, and mitigate the array of cyber threats from illicit actors without imposing burdensome regulations on industry."
The following companies have all written letters of support for CISPA (you can read the letters by clicking on the name of each company).
CTIA - The Wireless Association
Cyber, Space & Intelligence Association
The Financial Services Roundtable
Independent Telephone & Telecommunications Alliance
Information Technology Industry Council
Internet Security Alliance
National Cable & Telecommunications Association
US Chamber of Commerce
US Telecom - The Broadband Association