While all eyes were on Boston and the manhunt for the two bombers in the wake of the Boston Marathon bombing, the House of Representatives was passing CISPA – a bill that will allow companies to hand over our data to the government without a warrant.
What is CISPA? CISPA stands for Cyber Intelligence Sharing and Protection Act (CISPA). What does it do? CISPA would allow for voluntary information sharing between private companies and the government in the event of a cyber attack. If the government detects a cyber attack that might take down Facebook or Google, for example, they could notify those companies. At the same time, Facebook or Google could inform the feds if they notice unusual activity on their networks that might suggest a cyber attack. CISPA bridges a gap between the private firms that can access your data for nefarious purposes.
U.S. firms voluntarily handing data along the one-way street to the U.S. government effectively means the Fourth Amendment doesn’t have to apply; it’s not snooping if it was handed to the government under “cybersecurity” grounds. By this point, the U.S. government can do just about anything it likes with your data once it’s in its hands, in spite of the Fourth Amendment. But because the language in CISPA is so ill defined, it could be used for many more reasons than were initially considered.
It would allow companies to easily hand over users’ private information to the government thanks to a liability clause. This, according to the Electronic Frontier Foundation, “essentially means CISPA would override the relevant provisions in all other laws—including privacy laws.”
Is that true? The bill’s sponsors, Reps. Mike Rogers and Dutch Ruppersberger, say no. But amidst backlash over the vague wording in the bill, the congressmen introduced an amendment that would require the government to anonymize any data it turns over to a private company. Did that do the trick? Not exactly. The White House has threatened to veto CISPA, in part because it does not require private companies to do the same and anonymize the data they hand over to the government. That would impose an onerous burden on private companies and perhaps deter them from participating in this voluntary program, backers claim.
According to privacy and civil liberties group the Electronic Frontier Foundation (EFF), even though the data was passed to the government for reasons pertaining only to “cybersecurity,” it can then be used to investigate other crime, not limited to cybersecurity crime, such as the “criminal exploitation of minor, protecting individuals from death or serious physical injury, or protecting the national security of the United States.”
“CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files.” Bill sponsors, however, argued that CISPA is needed to keep that data safe, pointing to foreign hackers who have hit U.S. companies in an effort to steal information.
What’s the difference between CISPA and SOPA/PIPA? Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA).targeted websites that trafficked in counterfeit goods, from fake purses to software. The bills would have allowed for copyright owners to file a complaint against offending websites and have them pulled from the Web. SOPA/PIPA were aimed at “rogue” overseas sites, but it prompted concern that legitimate websites here in the U.S. would be taken offline. With SOPA and PIPA, tech firms were concerned about having their websites taken offline for no reason, CISPA, however, goes after cyber attacks – which also cost those firms money.
There are some big names on the bill’s list of supporters, including AT&T, Comcast, HP, IBM, Intel, Time Warner Cable, and Verizon.Didn’t we hear about CISPA last year, too? Yes, the House passed CISPA in April 2012. But it never made it through the Senate. Rep’s Rogers and Ruppersberger have introduced a number of amendments – in committee and on the House floor last week – to calm some of those fears.What type of amendments? More than a dozen proposals were approved, but among the highlights: companies can only use information they receive for cyber-security purposes, not to help their business; the feds can’t hold on to shared data and use it for “national security purposes”; clarification that CISPA does not authorize hacking; and a rule that incoming cyber data will be handled by the Homeland Security Department and the Justice Department.
Sources—chloe albanesius, pcmab.com, dhs,