comScore
Uncategorized Wednesday, April 11th 2012 at 11:30 am

What You Should Know About CISPA, The Bill That’s Not Exactly Like SOPA, But Just As Bad [UPDATED]

By ( ) Comments

There have been some noteworthy modifications to CISPA since this article was written. You can read about them here. Any statements that are no longer accurate have been struck through. Otherwise the text remains unedited.

It wasn’t long ago that the potentially Internet-destroying twins SOPA and PIPA were effectively defeated, but ever since they snuck up on the Internet-at-large, there’s been the worry that something similar might happen again. Well, it’s happening. The new bill HR 3523, or the Cyber Intelligence Sharing and Protection Act (CISPA), while different from SOPA in many ways, is pushing its way through Congress as we speak, and could pose a serious threat to the Internet that is both very similar and very different from SOPA.

As with any bill, especially a cybersecurity bill, there is a lot to know. For the moment we’ll try to stick with the basics:

CISPA, on its face, claims to be concerned with cybersecurity unlike SOPA and PIPA, which focused on copyrights and piracy.

SOPA was a bill with an admirable goal and potentially devastating consequences. It aimed to put an end to piracy and instead could have put an end to free Internet as we know it through DNS blocking, misguided logic, and overly broad powers. Likewise, CISPA ostensibly aims to theft of government information or intellectual property and cybercrime in general. Unlike SOPA, however, CISPA operates under the guise of national cybersecurity as opposed to economic concerns, but CISPA’s overly broad language could be used for surveillance or censorship because the bill lacks sufficient restrictions. Supporters of CISPA will be quick to discourage comparisons of CISPA to SOPA considering the former was economic and the later is concerned with security (and considering “SOPA” has pretty much developed into something of a slur). While this is true, both bills would could have similarly devastating effects on the Internet and the people who hang out and do business there.

CISPA allows the government and private companies to exchange private information so long as the exchange has something to do with “cybersecurity.”

The problem here has to do with the lack of justification. Like SOPA which — at points in its existence — would have allowed for wholesale takedowns of entire sites based on the mere accusation of copyright infringement, CISPA allows for the sharing of otherwise private data between private companies and the government (in both directions) so long as the exchange is ostensibly related to cybersecurity. What “cybersecurity” actually means is woefully unclear. As far as the bill is concerned, a “cybersecurity purpose” is:

    The term ‘cybersecurity purpose’ means the purpose of ensuring the integrity, confidentiality, or availability of, or safeguarding, a system or network, including protecting a system or network from–‘(A) efforts to degrade, disrupt, or destroy such system or network; or‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

You’ll note that according to the FBI, federal copyright violation is a flavor of intellectual property theft.

Furthermore, whether or not an action does have a cybersecurity purpose seems to be a total judgement call for those involved when the share actually goes down. Of course, with a definition that broad, pretty much anything could fit the criteria which is probably why the need of some sort of third-party validation seems crucial to opponents, but might seem unnecessary for supporters. The Privacy and Civil Liberties Oversight Board is required to submit “a review of the sharing and use of information by the Federal Government” to Congress annually, but like SOPA’s shoot-first DNS takedowns, this is an after-the-fact move; the information can’t be unshared even if some wrists get slapped.

CISPA would instate ridiculously wide-reaching protections regarding the sharing and use of information.

The fact that CISPA-related information exchanges are only reviewed for validity after the fact, instead of being carefully considered beforehand, is only part of the problem. CISPA also has very, very broad protections in place for anyone who shares anything relating to cybersecurity. First of all, CISPA sharing supersedes any and every other privacy law, federal and state, meaning anything that might be considered private otherwise is suddenly not when cybersecurity is involved.

Second, anyone who does or doesn’t do stuff with CISPA-shared data is protected from pretty much anything. Basically, anyone acting “in good faith” is exempt from both civil and federal suits regarding any information they’ve shared or regarding any actions they took — or failed to take — based on any cybersecurity information they may have received. So even if someone shares something they shouldn’t have, or over-reaches based on some juicy dish they got, they’re in the clear so long as it’s decided they were acting in good faith.

CISPA, in theory, isn’t concerned with individuals, but in practice could easily invade personal privacy.

For all the things that CISPA allows, there are a few it doesn’t and they are worth noting. CISPA does not allow the government to require anyone to give them information. Of course, that isn’t to say that there can’t be any strong persuasion or technically-you-could-live-without-these-but-the-same-way-you-can-technically-live-without-a-head-for-like-5-seconds “benefits” to sharing. CISPA also does not allow “individuals” to be any part of all this. Entities are giving the information and the information concerns entities. As Techdirt points out, however, this information is going to contain tons of information about individuals, and CISPA provides no incentive to anonymize the data.

Considering the freewheeling “everything at the cost of cybersecurity” nature of CISPA, this personal information could easily be abused. Take, for instance, the classic example of cops who gain a warrant to search your home for a stolen piano and instead find drugs in your bedside drawer. Clearly they were not expecting to find the piano in there, so it’s not an admissible find. If a company hands over records to the government regarding some kind of nebulous cybersecurity threat, there seems to be no such restriction in place. All the data is fair game for pretty much anything.

Essentially, like SOPA’s most egregious DNS takedown provisions encouraged haphazard site censorship and like DMCA’s safe harbor provision encourages content hosts to haphazardly remove content at the slightest cry of “wolf”, CISPA encourages the government and other private entities to haphazardly share potentially sensitive information without only cursory approval after the fact. When it comes to principle, CISPA is just the latest in a series of bills and laws that throw caution — and due process — to the wind, except in this case, the stakes are quite high. We’re talking information –all kinds of information — being shared all over the place, but we’re also talking national security (supporters will argue), which is a pretty effective appeal to fear, almost as effective as “but think of the children.”

CISPA has been out of committee since December 1, 2011, but has yet to be debated or brought to a vote. Basically, we’re in the same place we where when the SOPA ball really started rolling. That being said, the Internet at large should have a better feel of what’s at stake and what to do about it, after having experience with SOPA. Hopefully everyone’s had enough time to cool down. If you want to help kill CISPA, Demand Progress is collecting resources to help you do that. In the meantime we’ll keep a close eye on where things are headed.

(h/t Techdirt 1, and 2, Wikipedia, The Next Web, image credit Shutterstock)

Relevant to your interests

Filed Under |
  • Dr Coene

    Censorship is the single most profoundly un-American offense possible.

    The internet is the single most profoundly American invention ever designed.

  • Souzry

    Engled invented the Internet, get your facts right.

  • Guest

    *England

  • Jack Bond

    I thoroughly believe this was brought about by LulzSec and Anonymous’s wonton internet abuse.

    Thanks guys. Hope you enjoyed your lulz while they lasted.

  • Dr Coene

    The British invented hypertext document linking in 1989. Webpages. Guess what they used to get their hypertext documents to link? The internet, which was developed decades earlier in the United States. And even if the internet was not originally developed in the United States, it would still be more American than European, much like Christopher Hitchens, or Democracy.

  • Jack Bond

    It was made in California… much like a lot of today’s cutting edge technology.

  • Anonymous

    Man, fuck the children and national security. 

  • Ericbazilio

    I’ll say nothing about Hitchens, but you should know democracy goes as far back as Anciente Greece, if not further.

  • Guest

    I understand the gripes about this bill and I will fight it tooth and nail, but FYI this is already happening… its called Facebook SocialGraph. All information you post on Facebook is effectively publicly accessible by anyone that knows how to interact with the API. Facebooks permission based security is a joke, all you need is a user id and a hacked auth token. Both are easy to attain if you just embed a facebook widget on your page. 

  • 30mins or it’s free

    Thanks alot, dude.  Now I have a wonton craving that needs satisfied!

  • http://www.lisaudy.com/ Sharyn Neumann

    As with any bill, especially a cybersecurity bill, there is a lot to know. For the moment we’ll try to stick with the basics:

  • This guy

    Democracy? That thing invented by the Ancient Greeks?

  • http://getmoreviews.net/ Chanda Fortier

    ‘(B) theft or misappropriation of private or government information,
    intellectual property, or personally identifiable information.

  • http://www.lelandsiding.com/ Fawn Barclay

    meaning anything that might be considered private otherwise is suddenly not when cybersecurity is involved.

  • Webb1986

     Well, while you boys measure your dicks, this is really happening. The
    concept of the internet being American makes sense as America stands for
    freedom blah blah blah fucking blah.

    The real point is the Internet is one of the few things that truly
    brings the world together. With it, I can talk to anyone, anywhere in
    the world and vice versa. I can share my thoughts, opinions, and ideas
    and even if nobody replies or reads them, they remain archived and maybe
    somewhere down the line someone will happen by them and perhaps gain
    something from them. Like twenty years from now.

    End rant.

  • Ryan E Sidebottom

    It’s common knowledge Gore invented the internet. (I kid)

  • Tom J

    Al Gore invented the internet….everyone knows that!

  • http://www.ebackupcity.com/ Kyong Gaffney

    Hopefully everyone’s had enough time to cool down. If you want to help kill CISPA, Demand Progress is collecting resources to help you do that. In the meantime we’ll keep a close eye on where things are headed.

  • Amy331

    FUUU SOPA AND FUUU CISPA! Internet censorship my ass, that’s more like it -.-

  • Rwolf

     CISPA
    Legislation Is Disguised—Fascism

    CISPA
    the Cyber Intelligence Sharing and Protection Act if signed into law will
    allow——the military and NSA warrant-less spying on Americans’ confidential
    electronic Communications; any transmitted private information circumventing
    the fourth amendment. CISPA will allow any self-protected cyber entity to share
    with the Feds any person’s private information that might allegedly relate to a
    cyber threat or crime. Considering the U.S. Government’s current business relationship
    with telephone and Internet companies, it should be expected the feds would use
    CISPA to gain unprecedented access to lawful Americans’ private electronic
    communications. Almost every week news media reports corrupt police arrested
    for selling drugs, taking bribes and perjury. It is foreseeable that broad
    provisions in CISPA that call for private businesses / cyber entities to share
    with Spy Agencies confidential information will open the door for corrupt
    government and police to sell a corporations’ confidential information to its
    competitors, foreign government and others. CISPA provides insufficient
    safeguards to control disposition of (shared) confidential corporate / cyber
    entity information, including confidential information shared by spy agencies
    with private entities derived from spying on Americans. 

    The
    recently House Passed Cyber Security Bill overrides the Fourth Amendment.
    Government may use against Americans in Criminal, Civil and Administrative
    courts (any information) derived from CISPA warrant-less spying. CISPA will
    open the door for U.S. Government spy agencies such as NSA; the FBI; government
    asset forfeiture contractors, any private entity (to take out of context) any
    innocent—hastily written email, fax or phone call to allege a crime or
    violation was committed to cause a person’s arrest, assess fines and or civilly
    forfeit a business or property. There are more than 350 laws and violations
    that can subject property to government asset forfeiture. Government civil
    asset forfeiture requires only a civil preponderance of evidence for police to
    forfeit property, little more than hearsay.

    CISPA
    (warrant-less electronic surveillance) will enable the U.S. Justice Department
    to bypass the Fourth Amendment, use information extracted from CISPA electronic
    surveillance) of Americans’ Web Server Records, Internet Activity, transmitted
    emails, faxes, and phone calls to issue subpoenas in hopes of finding evidence
    or to prosecute Citizens for any alleged crime or violation. If the current
    CISPA is signed into law it is problematic federal, state and local law
    enforcement agencies and private government contractors will want access to
    prior Bush II NSA and other government illegally obtained electronic records to
    secure evidence to arrest Americans; civilly forfeit their homes, businesses
    and other assets under Title 18USC and other laws. Of obvious concern, what
    happens to fair justice in America if police become dependent on “Asset
    Forfeiture” to help pay their salaries and budget operating costs?

    Note:
    the passed “Civil Asset Forfeiture Reform Act of 2000” (effectively eliminated)
    the “five year statue of limitations” for Government Civil Asset Forfeiture of
    property: the statute now runs five years (from the date) police allege they
    “learned” an asset became subject to forfeiture. If CISPA takes affect, allows
    (no warrant) electronic government surveillance of Americans, it is expected
    CISPA will be used by government not only to thwart cyber threats, but to
    aggressively prosecute Americans and businesses for any alleged crime: U.S.
    Government spy and police agencies; quasi government contractors for profit,
    will relentlessly sift through Citizen and businesses’ (government retained
    Internet data), emails and phone communications) to discover possible crimes or
    civil violations. A corrupt U.S. Government Administration too easily use CISPA
    no-warrant-seized emails, faxes, Internet data and phone call information) to
    target, blackmail and extort its political opposition; selectively target any
    Citizen, corporation and others in the manner Hitler used his Nazi passed
    legislation that permitted no-warrant Nazi police searches and seizure of
    Citizens and businesses or to extort support for the Nazi fascist government.
    Hitler Nazi Laws made it possible for the Nazi’s to strong-armed German
    parliament to pass Hitler’s 1933 Discriminatory Decrees that suspended the
    Constitutional Freedoms of German Citizens. History shows how that turned out.

    CISPA warrant-less electronic surveillance) has the potential of turning
    America into a similar Fascist Police State.