CISPA and the power to cyber snoop – er, what just happened?

27 Apr 2012

What just happened to privacy on the web? Have large US internet giants and security agencies been given extra rights to snoop online? These are the questions in my mind after news that the Cyber Intelligence Sharing and Protection Act (CISPA) was cleared last night in the US House of Representatives, 248 to 168.

The bill, introduced by Republican Rep Mike Rogers, ostensibly aims to protect and limit the US government’s power to cyber snoop for security reasons but in fact adds new powers.

Internet giants Microsoft and Facebook are actual proponents of the bill because it means they can pool information to better defend against cyber attacks and bring spammers, hackers and data thieves to justice.

But those against the bill argue it gives internet companies the right to send users’ information to the US government.

On the pretext of a “cyber security” threat, the US government will have powers to search information with impunity.

So is this a bad thing or a good thing? Certainly in terms of protecting users and particularly the rights of children, it is good to know people are working hard to protect and defend.

But with seemingly limitless powers to cyber snoop and gather data it also raises questions about what if these powers were used for the wrong reasons and by the wrong people?

According to Techdirt, CISPA means that the prized US 4th amendment no longer applies online. It opines: “Far from the defence against malevolent foreign entities that the bill was described as by its authors, it is now an explicit attack on the freedoms of every American.”

What is reasonable?

The Electronic Frontier Foundation raises questions as to what is reasonable use of the CISPA powers. “This amendment has a somewhat misleading title because it does little to actually ‘minimise’ the retention of sensitive user data. In short, the amendment states that if a department or agency receives information that actually isn’t related to cyber security threats, they shall ‘notify’ the entity that gave them the information.

“This amendment also says that data won’t be kept for purposes other than what has been outlined in the bill – but doesn’t actually narrow the expansive reasons that data can be kept.  

“The bill also states that the government ‘may’ choose to ‘undertake reasonable efforts to limit the impact on privacy and civil liberties.’ There’s no mandate to do so and no explanation of what constitutes ‘reasonable efforts.'”

Digital rights, human rights

Global human digital rights movement Access Now said it is disappointed the US House has passed the Cyber Intelligence Sharing and Protection Act, “disregarding the strong and legitimate concerns about provisions in the bill which threaten the privacy of internet users around the world.”

It says that despite attempts by civil society to work with lawmakers, the introduction of privacy-focused amendments, and a threat of a veto from the White House, the House decided to go forward and pass a bill which inadequately ensures civil liberties are protected.

“Cyber security and our rights are not mutually exclusive – but today’s vote reinforces the idea that legislators fail to understand how to properly guard against cyber threats without stepping on the fundamental rights of users,” said Brett Solomon, executive director of Access.

“The fact that technology companies who signalled support for CISPA have remained conspicuously silent during these proceedings is disrespectful to their users, who care about being protected against cyber attacks but nonetheless mobilised online in opposition to this bill.

“While today’s events have been disappointing, Access hopes Senators and technology companies will endorse legislation that provides further privacy protections than currently included in CISPA. It is our expectation that as debate and discussions continue, a bill is crafted that puts civil liberties first,” Access Now said.

As the CISPA debate continues, it is clear that something is happening that has the potential to eclipse the recent SOPA and PIPA debates around copyright.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years