Massive citizen and industry protests led to the defeat of the so-called Internet censorship bills, SOPA and PIPA a couple months ago. Now lawmakers, ever-committed to doing "something," have introduced H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011 (aka CISPA), a potentially more insidious threat. Unlike SOPA and PIPA, which focused on intellectual property rights issues, CISPA is all about the War on Terror... specifically, cybersecurity. In brief, CISPA encourages ISPs and private companies to share information with the government, without fear of prosecution. Emails. Search records. Browsing history. Downloads. Everything. Google, Microsoft, AOL, Facebook, etc. effectively become full-fledged agents of the government.
SUMMARY OF FINDINGS:
• CISPA gives private companies permission to spy on their customers if they feel a security threat is, or may be occurring. The Act allows them to share the information they obtain with the government and other companies with almost total immunity from civil and criminal liability.
• The bill mandates the creation of new communication channels between government intelligence entities and private companies (like Internet Service Providers - ISPs) regarding potential and developing threats to cyber-security.
• CISPA defines "cyber threats" very loosely. The unintentional use of others' intellectual property, whether it be on a website, in a private communication, or otherwise, whether government or private sector, could be defined as a threat under the Act. According to the FBI, copyright violation is intellectual property theft.
• Blow-back from the public and the Internet community at large has been minimal. The bill has well over 100 co-sponsors in the House, and unlike SOPA/PIPA, it is supported by the technology industry.5 A complete list of companies and trade groups supporting the legislation can be found here.
• Internet and technology industry support stems from the fact that CISPA does not directly threaten their business models, due mainly to the immunity protection components that remove any liability for compliance with the law.
Vague verbiage contained in the Act could allow the government to circumvent existing exemptions to online privacy laws and monitor, censor and stop any online communication considered disruptive to the government OR private parties.
• The Act allows private companies to send information to the government, including the NSA and DOD's Cybercommand, and other private companies, without defined privacy protections and controls. There are no safeguards for protecting information once it is shared, and no legal repercussions if/when it falls into the wrong hands.
Although cooperation with the Act is not mandatory, failing to comply with the government's requests, in the case of a private company, could lead to sanctions and the organization being labeled as a supporter of terrorism.
• The Act opens the door for companies like Google and Facebook, or cellular and wireless carriers, like Verizon and ATT, to intercept and read your emails and text messages, filter them for content THEY deem to be a "threat," and send copies to one another and to the government. Nothing prevents the company, or someone within the organization, from modifying those communications or preventing them from reaching their intended destination if they deem the information to be a cybersecurity threat.
• CISPA's authors, although acknowledging the bill will "provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities," also point out that the legislation could be used "...for other purposes." These purposes lack a definition, and could include surveillance or censorship.6
• Currently there are over 40 more cybersecurity-related bills pending in Washington, including the: Data Accountability and Trust Act (H.R. 2221); Cybersecurity Enhancement Act (H.R. 4061); Intelligence Authorization Act (H.R. 2071); and, the International Cybercrime Reporting and Cooperation Act (S. 1438 and H.R. 4692).
The global trend is for governments and corporations to forward agendas that allow them to maintain online, the same sorts of controls that they have offline, while utilizing taxpayer provided funds to do so. David Banks from Cyborgology recently observed, "The first amendment assumed that individuals' speech and the press were restricted to national borders. CISPA and similar legislation is the beginning of a new kind of colonization." 10 If you value your privacy and right to free, un-monitored communication and you haven't yet looked at secure offshore email, web hosting and virtual private network (VPN) services, now may be the time to do so.