CISPA: Cyber Security or Big Brother?

On Friday of this week, the House of Representatives will vote on a controversial new cybersecurity bill. The Cyber Intelligence Sharing and Protection Act, or CISPA for short, introduced on November 30, 2011 by Rep. Michael Rogers (R-Michigan) is being called by many a privacy-destroying bill.

The bill is designed to allow for the sharing of intelligence between Internet companies (Google, Facebook, etc. as well as ISPs) and government agencies regarding cyber threats. This is different from SOPA and PIPA which were created as a response to the growing War on Copyright. However, like SOPA and PIPA, the bill’s broad legislation leaves many speculating as to how the new power could be abused.

Isn’t Cybersecurity a good thing?

In short, yes. Cybersecurity involves the strengthening of our networks to prevent and respond to cyber attacks. In a May 2009 speech President Obama referenced instances of hacking and cyber-terrorism, stating that “It’s now clear this cyberthreat is one of the most serious economic and national security challenges we face as a nation. It’s also clear that we’re not as prepared as we should be.”

“Cyberspace is a world we depend on every single day,” Obama continues. “[This is] the great irony of our information age: The very technologies that empower us to create and to build also empower those who would disrupt and destroy. This paradox, seen and unseen, is something that we experience every day.”

If passed, CISPA would amend the National Security Act of 1947 to include provisions pertaining to cybersecurity. In addition to establishing the Department of Defense, the National Security Act of 1947 (and its first amendment) established the National Security Council and the Central Intelligence Agency. Amending that Act would presumably enable us to be more prepared for cyber threats.

As the President stated in his speech, “Just as we do for natural disasters, we have to have plans and resources in place beforehand: sharing information, issuing warnings, and ensuring a coordinated response.” While this sentiment expresses the original intent of bills like CISPA, the White House has some concerns about the actual legislation coming through currently.

“Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens,” read the White House statement, recommending that President Obama veto the bill in question. And the White House is not alone in it’s concern for user privacy.

What’s the catch?

While cybersecurity is important, there’s growing concern over the bill’s language. Like the copyright bills that came before it, many fear that the provisions outlined in the bill will be misused.

As reported on Mashable, “opponents [of the bill] — including civil liberties and online privacy groups — argue CISPA would destroy the notion of online privacy by allowing private firms to hand personal data over to the intelligence community.” Techdirt puts a different spin on it, reporting that the bill “may be worded to allow what is effectively direct government monitoring of private networks”. Even the creator of the World Wide Web, Tim Berners-Lee warns that CISPA will “threaten the rights of people in America”.

PC Magazine echoes a common concern; the bill’s “broad language means there is no explicit restriction about the type of information being shared between government and companies, so long as it could somehow be linked to cyber-threats.” Even scarier is the phrase “notwithstanding any other provision of law” implying that the bill would override existing privacy laws and policies.

Recent amendments to the bill specify who has access to the intel and how the government may use it. Definitions have been refined for specificity and clauses have been added that allow for legal cases to be filed for wrongful use of the intelligence.

One of the things the President said in his speech was that “Our pursuit of cybersecurity will not include monitoring private sector networks or internet traffic we will preserve and protect the personal privacy and civil liberties we cherish as Americans.”

Why should I care about CISPA?

You should care about CISPA from the perspective of an Internet user. CISPA fundamentally changes how Internet companies are allowed to share information about you. The bill will likely override not only existing privacy laws, but also the privacy policies on any site you visit. The still-broad definition of a cyber threat is something to be concerned with.

We can either trust that Internet companies and the government will act in our best interests or we can believe the hype that the bill’s opponents are building. Either way, it’s important to understand that the meaning of “privacy” on the Internet is changing. Being more mindful of what information we share and our general activities online is the first step.

It will be interesting to see how things play out.