The Cyber Intelligence Sharing and Protection Act (CISPA) Is Back in Congress: Open Thread
(This post is by way of a PSA. I know very little about this issue, but it seems to be Very Bad for Us, but Very Useful for the Bad Guys. The front page hasn’t covered this news yet, nor has Emptywheel from what I can tell. My emphasis throughout. Or:
Help yourselves, please, because: you know more than I do.) ;o)
From Open Congress, ‘All Your Data Are Belong to Us’:
Barely a year after the defeat of SOPA, Congress is back to testing the waters for legislation that many internet users believe to be in violation of their fundamental rights to privacy and free expression.
CISPA [The Cyber Intelligence Sharing and Protection Act], a bill that would make it easier for corporations and the government to share internet users’ personal data, was officially re-introduced in the House on Wednesday. It’s already being rushed forward in the legislative process. The House Intelligence Committee is holding a full hearing on the bill today at 10 am (which was yesterday, Feb. 14). They will hear from four witnesses — all from the business sector and all known supporters of CISPA. No experts with concerns about privacy issues in the bill were invited to address the committee.
According to its sponsors, the goal of CISPA is to update how “cyber threat intelligence” information is shared between private entities and the federal government. In order to accomplish this, many long-standing laws that were designed to protect the privacy of individuals would be explicitly voided. With those laws out of the way, companies would be encouraged (but not required) to share information about their users with the government without a warrant and without disclosure, and they would be rewarded with legal impunity for doing so. The government would then be able to use the information that is shared with them for preventing cyber attacks or for any other law enforcement action.
Unlike SOPA, which divided the business community, CISPA enjoys overwhelming support from corporations.
This is the Rattiest portion:
The re-introduction of CISPA comes less than 24 hours after President Obama announced his executive order on cybersecurity. The executive order compels the government to share cyber threat information with web companies, but it does nothing to increase sharing from companies to the government. From a privacy standpoint, the executive order is neutral.
But during the State of the Union address, Obama called on Congress to pass legislation to “give our government a greater capacity to secure our networks and deter attacks.” That’s an implicit request to pass CISPA, and a sign to Congress that the Administration needs the laws changed in order to get the rest of the information sharing program — from web companies to the government — flowing.
CISPA is the contentious bill civil liberties advocates fought last year, which would provide a poorly-defined “cybersecurity” exception to existing privacy law. CISPA offers broad immunities to companies who choose to share data with government agencies (including the private communications of users) in the name of cybersecurity. It also creates avenues for companies to share data with any federal agencies, including military intelligence agencies like the National Security Agency (NSA).
Last year, CISPA passed the House with a few handful of amendments that tried to fix some of its vague language. But the amendments didn’t address many of the significant civil liberties concerns. Those remaining problems were reintroduced in today’s version of CISPA. Here’s a brief overview of the issues (explanations of the bolded issues at the eff website):
Companies have new rights to monitor user actions and share data—including potentially sensitive user data—with the government without a warrant.
CISPA overrides existing privacy law, and grants broad immunities to participating companies.
CISPA also raises major transparency and accountability issues.
Users probably won’t know if their private data is compromised under CISPA, and will have little recourse.
CISPA is a dangerous bill.
EFF is asking (clicking the question takes you to a contact email page):