Pitchforks and Privacy: CISPA - The U.S. Government's Latest Efforts To Infuriate the Twitter Crowd

Not to double up on Catherine’s introduction to the issues of web privacy in her recent blog, but after reading it, this Kat thought that the looming U.S. Cyber Information Sharing and Protection Act (CISPA) could use a little attention.  This Kat assures you that it is getting plenty of attention in the U.S. from the Twitter crowd who killed SOPA just a few short months ago.  The bill is certainly not making any friends among internet users.

This Kat would rather dance a tango with a pit bull than get tangled up in the language of the bill that just passed the U.S. House, because there are at least two competing bills in the U.S. Senate, and everybody knows the Senate will work on its own version just to show the House how much smarter they are over at Senate.  (And the wheels of politics go ‘round....)    But we shall at least paw at the edges.  

CISPA authorizes the Director of National Intelligence to establish procedures for “allowing and encouraging” the sharing of information between the private sector and intelligence agencies as it pertains to cyber security concerns.  The private entities involved must be “certified,” meaning the U.S. government must feel that the entity is one worthy of receiving government security information. The government’s use of information is limited to the prevention of cybersecurity crimes, national security concerns, or the prevention of death or physical harm, or child pornography or human trafficking.  

Certain information (such as library records) is exempt from being shared with the government, and the government does maintain a certain amount of liability for using information in a manner not authorized by the bill.

The system is voluntary - neither side is required to share information. 

There are of course the usual (and quite legitimate) complaints about vagueness and overbreadth in the legislation, and the absurd but not unexpected howlings about how the bill will kill Facebook (a supporter of the bill, no less) and internet pornography (likely to survive).    This Kat’s hackles are still up just a bit about the provision of the bill which allows provide internet security companies to “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the companies they are paid to protect.  Arguably Facebook’s right to use and share information is not limited to the prevention of internet security crimes, because anything it gleans through its security provider can be used for anything Facebook believes is in its own interest.  Furthermore, Facebook and the like are exempt from liability to users for actions taken under the purview of the bill.  But this Kat has very smart friends in the data world who believe that the defintion of “cybersecurity information”  in the bill is likely sufficient to protect our private information.  

Image: Carlos Porto / FreeDigitalPhotos.net

Most problematic is that it is not entirely clear what problem CISPA is trying to solve.  All of the information the government is seeking to access under this bill is already available to it, albeit through the proper warrant and due process channels.  The Feds will have to do a much much better job of selling this legislation to the American public if it expects to survive the next Twitter Attack.  But at the end of the day, this Kat would like to ask the Twitter crowd if it has considered how much the companies covered by this bill already know about them anyway. 

The Senate versions of a similar bill are massive, and it is far too early in the process to comment on them  (They can be read here and here, if dear reader insists).  

It is incumbent upon all of us to pay careful attention to how much our governments and our service providers are paying attention to what we do on the internet, if it isn't already too late to control.