Although written during the date provided, this article was republished during 2020 by Nicolas Gorman to put it on the website. The author is unknown.
The Cyber Intelligence Sharing and Protection Act (CISPA) recently passed in the House of Representatives and is moving on to the Senate. The bill aims to “provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” as proposed by Representative Michael Rogers.
This seems like a reasonable wish but CISPA could have dire consequences and potentially erase all semblance of privacy. It would invalidate all privacy laws, including the federal Electronic Communications Privacy Act, the Wiretap Act, the Foreign Intelligence Surveillance Act and the Privacy Act.
The broad reach of CISPA allows companies to filter and block internet traffic. As long as ISPs attempt to identify cybersecurity threats they could block entire websites and bring down Wikileaks or The Pirate Bay.
The internet has particular tools to increase your privacy. You can encrypt your data to make it unreadable to outsiders and even anonymize yourself with services like the Tor Project.
Unfortunately, these sort of activities could make you even more prone to CISPA surveillance. All these activities could be considered suspicious and threatening under the bill and cause companies to read your emails and send away your information.
Even with knowledge of these problems, the internet has remained largely silent. There isn’t as much uproar over CISPA and no blackouts or protests have been organized. Influential internet companies like Google and Wikipedia have yet to take a stance. Wikipedia spokesman Joe Walsh doesn’t “want to rush to conclusions,” while Google is “watching the process closely.”
Why the change of heart? This time companies aren’t held accountable for their actions and could freely share your private information with the government without repercussions. The vagueness of CISPA ensures that users can’t fight back. CISPA grants immunity for any company that acts in “good faith” thus mostly prohibiting user retaliation.
You’re allowed to sue the government if they intentionally use the information they gather for purposes not described in the bill. However, the statute of limitations for these lawsuits is two years and lawsuits concerning classified information or the “state secrets privilege” are difficult to execute.
Additionally, CISPA doesn’t require judicial oversight or a company to have a warrant before sending your information to the government. If a company interprets your activities as cyber threats they are given free reign. Once the government has your information, they’re even allowed to read it.
Despite all this, CISPA probably won’t become a law. If CISPA passes through the Senate the Obama Administration has said the bill will be vetoed if it doesn’t limit the amount of information and removes a company’s protection from legal liability. “The American people expect their Government to enhance security without undermining their privacy and civil liberties,” the Administration said.