What Just Happened?
Yesterday, the House of Representatives passed a bill entitled Cyber Intelligence Sharing and Protection Act (H.R.3523), or CISPA for short. CISPA is a bill that allows the government to obtain your private information from companies without a warrant. Oddly, under the guise of making CISPA less abusive, the House actually slipped in some language at the last minute that made CISPA even worse. What SOPA was to online censorship, CISPA is to online privacy. Whereas SOPA was about stripping away your First Amendment rights (free speech); CISPA is about stripping away your Fourth Amendment rights (freedom from unreasonable search and siezure).
The House ostensibly passed CISPA to “provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities.” Privacy advocates fear that the government will use CISPA to exploit your private and personal information in unconstitutional ways, far beyond those outlined in CISPA.
What Does CISPA Do?
The language of CISPA is pretty difficult to understand. CISPA states that any business that provides goods or services for cybersecurity purposes to itself may use its cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity and share such cyber threat information with any other entity, including the Federal Government. But what does that mean? Based upon my reading of the definitions contained within CISPA, it means any business that does anything online can share your private information with the government. It also means no state can enact a law preventing the business from sharing your personal information in this manner. As long as the company handed over your private information in “good faith,” CISPA also prohibits you from suing a company for handing over the wrong information.
What Does That Mean for Me?
CISPA contains no effective oversight of what private information the government is requesting and receiving. This opens the door to companies handing over all of your private information to the government and the government misusing that information once received. According to Rep. Jared Polis, a Colorado Democrat and onetime Web entrepreneur, CISPA will “waive every single privacy law ever enacted in the name of cybersecurity.” Rep. Polis went on to state that “[a]llowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on.” While addressing online security concerns is a laudable goal, there is absolutely no proof CISPA would result in a net increase in online security. Even if CISPA were to increase online security, it is not worth trampling over the Constitution to reach such a speculative goal.
CISPA guts the Fourth Amendment to the United States Constitution, eliminating the need for the government to show probable cause, or get a warrant to obtain your personal information. The FBI, BATF, Secret Service or any federal agency would simply ask the company holding your private information and the company could hand it over. As long as the exchange has some tangential relationship to the intentionally inscrutable phrase “cyber threat,” the CISPA insulates both the government agencies and the companies from liability as they exchange your private information. Not surprisingly, CISPA does very little in the way of protecting you or your constitutional rights from mistakes, overreaching and lack of oversight in the transaction.
Can I Find Out What Information of Mine the Government Obtains Under CISPA?
No. Cyber threat information shared in under CISPA is exempt from disclosure under section 552 of title 5 of the United States Code. This means that not only will the government not tell you what information of yours they request or receive, but you cannot even get this information pursuant to a Freedom of Information Act (FOIA) request.
Who is Behind CISPA?
The U.S. government, mainly. The government argues that it needs access to your personal and private information to stop online security threats. The government has also brought many large companies on board, companies, not surprisingly, who hold massive amounts of your personal information. Companies like AT&T, Boeing, Facebook, IBM, Intel, Microsoft, Symantec and Verizon are just a few of the 800+ companies supporting CISPA.
Who is Against CISPA?
Dozens of privacy groups, including: The Electronic Frontier Foundation; The American Civil Liberties Union; The American Library Association; The American Association of University Professors, Consumer Watchdog, Demand Progress, Government Accountability Project, Patient Privacy Rights, and the U.S. Bill of Rights Foundation are all strongly opposed to CISPA. Their main concern is that CISPA will allow companies holding our most sensitive and personal information to share that information with the government, and that lack of oversight will lead the government to use this information for purposes completely unrelated to cybersecurity.
What Can I Do?
Time is running short. Once the Senate passes CISPA and President Obama signs it it will be too late. President Obama said he would not sign CISPA, but he said the same thing about NDAA (indefinite detention of U.S. citizens) right before he signed it. Contact your state senators. You can find out their contact information here. Introduce yourself to the person who answers the phone as a constituent of the senator. Ask them about their office’s stance on CISPA. They will ask for yours and report those number to the senator. If you know enough about CISPA to address the particulars, ask to speak with a legislative assistant. If one is not available, leave your number and have them call you back. Ask them about the status of CISPA and the parts of CISPA about which you have a particular concern. If you do not feel up to speaking with a legislative assistant, follow up your phone call with an email and/or letter outlining your objections to CISPA. Most importantly, make your senators aware of your objections to the unconstitutional privacy invasions inherent in CISPA. Do it today.