Following the SOPA/PIPA uproar that splashed across the Internet earlier this year, we now have another cyber-security bill that threatens American Web browsing privacy, the Cyber Intelligence Sharing and Protection Act, otherwise known as CISPA.
The House of Representatives passed the bill Thursday evening, moving the legislation closer to law. The bill is stalled in the Senate and President Obama has said he would veto the law if it made it to his desk. Even so, activists and observers on the Internet saw how far SOPA got and backers expect it to pass, says ProPublica. Protestors also saw how far education, blogging and general Internet awareness campaigns got them in the fight against it. Many see CISPA as just as bad, if not worse than the previous cyber security bills, and they're pushing back on it.
Before doing any protesting, the techies first clarified what makes CISPA the new SOPA. It's actually not exactly the new SOPA, as ProPublica's very complete explainer, points out. "SOPA was about intellectual property; CISPA is about cyber security, but opponents believe both bills have the potential to trample constitutional rights," writes ProPublica's Megha Rajagopalan. But, both have to do with the way you use the Internet and both threaten user privacy. This bill has nothing to do with copyright and online intellectual property. It would do more than just shutdown your favorite overseas pirates. But like SOPA, in the name of some loftier goal -- in SOPA's case copyright, in CISPA's case cyber-security -- CISPA gives the government your Internet. With SOPA, this meant censoring the Internet. CISPA, however, gives companies many Americans use, like Facebook and Twitter the ability to hand over your information to any government agency.
And here's where many decided CISPA was worse than SOPA. Both the Center for Democracy and Technology and the Electronic Frontier Foundation agree CISPA's language is far too broad. As Gizmodo points out in its useful explainer, the law's vague language gives the government a lot of leeway here. Per Gizmodo's Sam Biddle:
CISPA says companies need to give up your information only in the face of a "cyber threat." So, what is a "cyber threat"? Nobody really knows! The bill defines it as "efforts to degrade, disrupt, or destroy government or private systems and networks." In other words, trying to do bad stuff on the internet, or even just talking about it. Ideally, this would be narrowed to specific malicious LulzSec stuff like DDoS attacks, but it's not. It can be almost anything!
Over at TechDirt you can read the broad reasons the government says it needs information seizure, some of which got added to the bill last minute. "The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a 'cybersecurity crime'," writes TechDirt's Leigh Beadon. "Basically it says the 4th Amendment does not apply online, at all." And the government has structured the bill so it won't have much oversight, explains the Sunlight Foundation's John Wonderlich. He points to this section of the bill, which exempts CISPA from the Freedom of Information Act. "The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities," he writes. "CISPA dismisses it entirely, for the core activities of the newly proposed powers under the bill."
The other part that's scarier than SOPA is that it might actually pass. Many have pointed out that a divided house passed the bill 248-168, showing this is something both parties agree on. And while the House is united, the Internet this time around is not, with big Web juggarnauts that opposed SOPA, supporting CISPA. Facebook, for example, levied its support in a company blog post. "Importantly, HR 3523 would impose no new obligations on us to share data with anyone — and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today," wrote Facebook’s vice president of public policy, Joel Kaplan. ProPublica has put together a chart comparing the points of view of key players, showing how they come out on SOPA versus CISPA. Wikimedia, which led the controversial Wikipedia blackout, for example, is currently undecided on the topic. The divide, as Rajagopalan explains, is happening this time around because this bill would help these companies deal with real threats better. And there's a whole slew of other big name non-Internet companies, like Boeing and Verizon, supporting the legislation, too. (Here's the full list of their letters of support.)
But many critics don't even think the bill would make us safer. "Some cyber security specialists note that neither CISPA nor other cyber security bills in Congress would compel companies to update software, hire outside specialists or take other measures to preemptively secure themselves against hackers and other threats," writes. And even if it has minimal net-benefits, it's definitely not worth all the privacy we would give up, which is the ACLU's position. That group came out with the following statement. "CISPA goes too far for little reason. Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity," said ACLU legislative counsel Michelle Richardson after the house vote.
Even if the bill passes the Senate, where there is no corresponding bill at the moment, Obama has already issued a veto threat/. But the paranoid note that Obama's veto rhetoric hasn't been all that reliable. "Dear Obama: Your rhetoric on NDAA, Gitmo & Wall Street proved empty & false. We'll believe a #CISPA veto when we see it. Love, the Internet," tweeted an Anonymous Twitter handle, @YourAnonNews.