It’s likely you’ve never heard of the Cyber Intelligence Sharing and Protection Act, also known as CISPA. It is the latest round in the never-ending litany of SOPA-like bills designed to clamp down on the scourge that is the Internet. And it just cleared the House last week by a pretty comfortable margin. Comfortable that is, unless you’re a user of the Internet.
Much like the Protecting Children From Internet Pornographers Act of 2011, CISPA cloaks itself with a title that’s hard to be opposed to. Cyber-terrorism is a very real threat, and who in their right mind would be against a measure to protect us from a cyber-attack? Ahhh… if only it actually achieved that goal.
What CISPA actually does is provide immunity to ISPs and online service providers for responding to government requests for information about the cyber-activities of anyone related to cybersecurity, cyber crime, protecting people from harm, protecting children from exploitation, and national security. Note that the bill does not compel companies to turn over such information, and because it’s a voluntary request, it requires no court approval or any other sort of burden of reasonable cause. But keep in mind that during the post 9/11 illegal wiretapping scandals, AT&T, Verizon, and other companies were only too willing to hand over your data. So much so that there were efforts to prosecute the telecom companies for violating citizen’s rights, which ultimately required that the telcos be granted immunity. Under CISPA, they will have permanent immunity as CISPA explicitly states that companies may provide requested information “notwithstanding any other provision of law.” In other words, CISPA trumps all other laws.
CISPA would “waive every single privacy law ever enacted in the name of cybersecurity,” Rep. Jared Polis, a Colorado Democrat and onetime Web entrepreneur, said during the House debate. “Allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on.”
Yet all this begs the question, will it make us safer? After all, in the last decade Americans have repeatedly shown that they are willing to sacrifice considerable freedoms in the interest of domestic security.
The fundamental issue would seem to be that this is a bill about cyber-security. Yet the allowances to deploy the law for purposes such as protecting children from exploitation seem pretty hard to defend as essential to preventing cyber-terrorism. Still, it’s hard to argue that protecting children is a bad thing.
Moreover, the issue would seem to be the relative ease by which potential cyber-terrorists could thwart the efforts enabled by CISPA. VPN tunnels and anonymous proxy services are well known technologies, and would make it impossible for anyone monitoring network traffic to even determine who was talking to whom, much less eavesdrop on the conversation. You could certainly argue that the average citizen might not have the geeky skills to set up such a secure Internet connection. But certainly anyone with the mad tech skills to conduct cyber-terrorism is going to be able to handle an encrypted network tunnel. Don’tcha think?
So who are we catching here? One possibility is that this is all just more security theater. We’ll spend a lot of money and politicians will use CISPA as a campaign slogan, but it will have very little net impact on security. Another possibility is that CISPA will be exploited for less noble purposes, unrelated to cyber-terrorism. Instead of hunting down Chinese hackers, it will be used to hunt down your spouse streaming an illegally broadcast Celtics game on her laptop.
The bottom line is that this bill will not accomplish what it purports to. The bill is highly focused on domestic surveillance, and there is no evidence that we are at risk of a domestic cyber-attack from citizens with poor tech skills. Further, there are ample laws on the books now that allow the government a pretty wide berth to eavesdrop on citizens when they can show cause. And those laws have already been routinely circumvented in the name of national security. If anything, we need to be shoring up the Fourth Amendment, not tearing it to shreds.
Just because technology provides the means to unobtrusively invade our personal privacy does not mean we should be surrendering those rights.
Fortunately, while CISPA started out with bipartisan support, it has become a partisan issue. It may have been passed by the House, but its chances of getting through the Senate are slim, and Obama has already threatened a veto. Yet this is no time for complacency. These sorts of bills just keep on coming, and sooner or later, one of them will slip through.