CISPA…It’s Back!

Would it be OK for the government to collect all of your private data in one place, share it between agencies, enable companies to send anything “suspicious” to our intelligence agencies, all in the name of keeping us “safe?”  What if your Facebook friends and photos you post were collected and sent to the government by Facebook? What if your internet provider (e.g., Comcast, Time Warner) or mobile provider (e.g., AT&T, Verizon) intercepted and sent your check-ins, photos posted, emails sent, websites visited and all your digital traffic to a government intelligence agency?

It’s happening now and a bill, CISPA, will only make it easier.

CISPA, the Cyber Intelligence Sharing and Protection Act, has been reintroduced in the House of Representatives. It’s the contentious bill that would provide a poorly-defined “cybersecurity” exception to existing privacy law. CISPA offers broad immunities to companies who choose to share data with government agencies — including the private communications of users — in the name of cybersecurity. It also creates avenues for companies to share data with any federal agencies, including military intelligence agencies like the National Security Agency.

Andrew Couts at Digital Trends — a refreshingly pragmatic voice in technology — pointed out in this article All You Need to Know about Washington’s Big Cybersecurity Push that this CISPA bill isn’t horrible, just far too incomplete.

The problem with CISPA—and many of these Washington knee-jerk “homeland security” legislative reactions—is that the legislation itself has far too many holes in it, the obvious potential for abuse exists with the usual lack of strong oversight, and companies have been granted immunity (just like AT&T was in the ongoing NSA Warrantless Wiretapping fiasco) so there are no checks-and-balances on them either.

As an aside, if you don’t know about the NSA $2 billion plus data center nearing completion you should. Read this Wired article from last April and it will make you stop-and-think about what the government might do with all the data they’ll increasingly have access to if CISPA passes as-is: The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say). It always amazes me that the gun-nuts out there are SO concerned about their 2nd amendment rights being taken away but are either clueless, too stupid, or not bothered to become aware of the fundamental Constitutional rights U.S. citizens have already lost…and continue to lose bit-by-bit.

Couts said this in his article:

Like Obama’s cybersecurity order, CISPA’s primary aim is to increase the sharing of cyber threat information (or CTI, as the cool kids call it). Unlike Obama’s order, however, CISPA allows the sharing of information in both directions – from government to business, and vice versa. Sharing is not required by the law, but it is allowed.

CISPA also provides broad legal immunity to companies that collect and share CTI with the federal government, as long as they do so “in good faith” – which might mean businesses can’t be sued or charged with crimes for collecting and sharing CTI under CISPA. Furthermore, CISPA shields the shared CTI from transparency mechanisms, like the Freedom of Information Act (FOIA).

Read the full text of CISPA here: PDF.

HOW TO OPPOSE CISPA (it’s really easy and fast to do so): That’s why I oppose this legislation. Since I’m a member of the Electronic Frontier Foundation (EFF) I was particularly pleased that they made it extremely simple and fast to send a letter to your congressional representatives. You can do so here and it will take 2-5 minutes. 

I modified the EFF’s boilerplate message to add a few things. Here it is in its entirety:

As your constituent, I’m emailing you today to urge you to oppose the Cyber Intelligence Sharing and Protection Act (CISPA).

Last year, CISPA sought to create powerful new protections for companies who wanted to sidestep privacy law in order to share sensitive user information with the government without judicial oversight. CISPA may also result in more sharing to the National Security Agency, which I along with civil liberties groups like the ACLU and EFF oppose.

Plus, just about every tech leader, entrepreneur and geek I know is stunned that such ‘data vacuuming’ is occurring with such laughingly little oversight, while a multi-billion dollar NSA Utah data center is near completion for storage, data mining and who-knows-what with *all* of U.S. citizens digital data.

While I appreciate the challenges our intelligence community deals with in a day of a ubiquitous internet and freely available (and robust) encryption technologies, I am NOT willing to hand over my civil liberties, and witness Congress and the executive branch continue to erode our Constitution, in the hope it will somehow make us “safer.”

My overall concern? That the cybersecurity foundation attempting to be laid today will one day be leveraged by those with fascist ideologies. Even a lay student of history can see that one coming unless strong measures are in place to see that cannot happen.

This is the wrong way to address our nation’s cybersecurity concerns.

Please *do not* co-sponsor this misguided legislation, and please join me in supporting online privacy by opposing CISPA.

Sincerely,

Steve Borsch