The Cyber Information Sharing and Protection Act (CISPA) was drafted by Representative Mike Rogers (R-Michigan) with the stated intention of protecting consumers and business owners by reducing intellectual property theft, identity theft, and perceived “cyber threats.” The bill was passed by the House of Representative in April 2012, as an amendment to the National Security Act of 1947. It has not yet come up in the Senate.
Those concerned with civil rights, privacy, and the freedom of information have expressed strong concerns about the bill.
CISPA gives corporations the right to transfer customers’ data to the federal government without a warrant, for the sake of “cyber security.” A “cyber threat” is loosely defined by the bill as having either a direct or indirect impact on the security of the government or a private entity. This leaves wide scope for defining online activities as potential terrorist threats. CISPA runs counter to the Fourth Amendment, the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”
The term “cyber threat” is certainly flexible enough to be applied to activists like Julian Assange and Bradley Manning for revealing state secrets, even in the name of social justice. In the era of WikiLeaks, the takedown of MegaUpload, and the “hacktivism” of Anonymous, this bill heightens the friction between the federal government and civil libertarians regarding the right to due process.
Corporate sponsors of CISPA include Facebook, Microsoft, IBM, Oracle, and Symantec and trade associations like Tech America and the Information Technology Industry Council. CISPA encourages corporations to transfer data about online communication to the government, with minimal accountability for resulting consequences. CISPA subverts anti-trust rules currently in place protecting consumer privacy. A provision in CISPA exempts the acting parties from Freedom of Information Act requests about how the data is used.
In a drafted statement, the Occupy Boston Information Technology Working Group (OBIT) elaborates on the perimeters of CISPA and offers this insight:
CISPA invites private industry to a government-sponsored fishing expedition. Sections (b)(1)(A)(i) and (b)(1)(B)(i), allow “cyber security providers” and “self-protected entities” to “…use cyber security systems to identify and obtain cyber threat information”. This means that any business can eavesdrop, collect the contents of your communications, analyze who you’re talking with and what you’re saying, and turn that information over to the government, without a warrant, without notifying you — as long as they claim they are doing it in the spirit of cyber security. Currently, laws such as the Wiretap Act and the Electronic Communications Privacy Act prevent companies from monitoring your private communications. Would you feel comfortable if the post office opened all of your letters, photocopied them, and shared that information with the government? Of course not! But that is exactly what CISPA would do with your electronic communications.
Industry veterans oppose CISPA because it endangers privacy. Mozilla, a non-profit organization known for its web-browser Firefox, has recently come out against CISPA, citing concerns about online privacy. Alex Fowler, head of Mozilla’s global privacy and public policy team, said in a recent statement,
The bill infringes on our privacy, includes vague definitions of cybersecurity and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.
CISPA is also criticized for overlooking the security of what does need protecting, especially critical infrastructure such as the power grid and utilities.
Worldwide mass protests of the banking and regulatory industries and of economic policies favoring the wealthy have helped catalyze the imposition of harsh laws like the NDAA, which allows indefinite detention of American citizens identified as terrorist threats. What looks like a recent attempt to entrap members of the Occupy Movement for terrorist activity in Chicago is a further step in a more authoritarian direction in US policy. Those who care about civil liberties want to prevent CISPA from contributing to this trend.
Along with the draconian provisions of the Patriot Act and NDAA, CISPA would further contribute to vast databases of information on nearly all Americans. The bill would give the government jurisdiction to shut down specific websites and selectively block internet access with no transparency or accountability. The Electronic Frontier Foundation has links for direct actions to challenge CISPA. Voices of Opposition against CISPA are raising awareness of the dangers to online privacy.
The House of Representatives approved CISPA in a 248-168 vote along party lines, and the bill awaits Senate voting. Obama has threatened to veto the Bill. However, as the Mass Pirates point out, he threatened to veto NDAA, but in the end did not. The Senate vote is not yet scheduled.
SOPA, the Stop Online Piracy Act, was recently defeated, thanks largely to activists rallying against its proposed interference with legitimate online activity. As with the successful fight against SOPA and the ongoing protests against NDAA, the struggle for civil rights continues.