On Thursday, the House of Representatives voted 248-168 to pass CISPA, the Cyber Intelligence Sharing and Protection Act. Civil liberties advocates loudly protested the bill, claiming it will give government too much access to individuals’ personal information. The Obama administration is threatening to veto it if it makes it through both chambers of Congress. Congressional sponsors scrambled to amend the bill this week in order to ensure its passage. CISPA is supported by Facebook, Microsoft and other online giants.
H.R. 3523 will allow websites to share users’ personal information with the federal government in the name of cyber security, with no judicial oversight. It would authorize internet providers, social networking sites, and other websites that store personal information to monitor users’ personal emails for the vague purpose of “protecting the rights and property” of the provider. Currently, the Wiretap Act and the Electronic Communications Privacy Act prohibit companies from routinely monitoring your communications. CISPA would remove those protections, and create a broad immunity for companies against both civil and criminal liability, making it difficult to sue them. The American Library Association warns, "This bill would trump all current privacy laws including the forty-eight state library record confidentiality laws as well as the federal Electronic Communications Privacy Act, the Wiretap Act, the Foreign Intelligence Surveillance Act, and the Privacy Act. “
CISPA is written by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD). 112 members of Congress co-sponsored the bill, including Rep. Ben Quayle (R-AZ), who is running against Rep. David Schweikert (R-AZ) in Arizona’s new CD6. Schweikert opposed the bill, saying, ”I have concerns that the private information gathered by the Department of Homeland Security would be passed on to other government entities that have little to no civilian oversight.” Schweikert dislikes that there is no mechanism for the public to request the information being transferred to the government; it is not discloseable in a public records request. Quayle also co-sponsored SOPA, the Stop Online Piracy Act, CISPA’s predecessor which went down in flames after a public outcry over the vast amount of power it gave the Justice Department to shut down websites. Quayle backed off from supporting both bills, and added an amendment this week to CISPA limiting the government’s use of shared cyber threat information to “cybersecurity,” “national security,” and several other criteria.
These are still very broad, vague terms. The Center for Democracy and Technology, which reversed its opposition to CISPA as amendments narrowing its scope were added, still ended up opposing it. The ACLU, the Electronic Frontier Foundation (EFF) and many other organizations continued to oppose it, since the amendments did not go far enough. EFF organized a Stop Cyber Spying Week this past week to hype up opposition to the bill.
Facebook argues that CISPA will give it the ability to share information with other companies about cyber attacks. Yet Facebook already has the ability to report cyber attacks to the police, then work in conjunction with the police and other companies. Private businesses already share personal information about their customers with the FBI. Facebook oddly argues that it needs the legislation in order to receive information about cyber security threats from the government – but that does not require CISPA legislation.
Fighting cyber attacks sounds noble, but it should not be done by creating a police state. Internet providers and social media networks are not the police. We should not be creating an additional new level of police out of our internet services. Rep. Ron Paul (R-TX) characterizes it as turning successful internet companies into spies.
Generally, a warrant is required to tap a telephone if you are not one of the parties participating and do not have their permission to tap it. Likewise, a warrant or probable cause should be required to spy on email and turn it over to the government. People are increasingly using the internet for all of their communications, as snail-mail becomes obsolete. There is no law permitting UPS to snoop through your snail-mail for vague reasons then turn it over to the government, so there should not be a new law permitting internet providers to do the same. Otherwise what is to prevent companies from going on fishing expeditions against people they don’t like? Everything in today’s era has moved to the internet; passing CISPA into law will have the effect of creating a massive surveillance state.