by Madison Ruppert
It’s quite sad for me to say that over 3 million businesses in the United States represented by the U.S. Chamber of Commerce, not to mention 800+ other major corporations (see below list), all have shown their support for the disturbing legislation known as CISPA, or the Cyber Intelligence Sharing and Protection Act.
This long list includes corporations like Google, Facebook, AT&T, Verizon, Microsoft, IBM, Boeing, Intel, the Financial Services Roundtable, Lockheed Martin, Qualcomm, Northrop Grumman, VeriSign, Symantec, Oracle, the National Cable & Telecommunications Association, the Internet Security Alliance, the information Technology Industry Council, the Independent Telephone & Telecommunications Alliance, the Cyber, Space & Intelligence Association, CTIA – the Wireless Association, the Business Roundtable and more (all of which are listed below).
Please take a moment out of your day to either share this article or at least the list of corporations behind this legislation in order to help coordinate a boycott effort.
I believe it would also be beneficial to call them repeatedly (inundating their phone lines can be a major headache), shower them with emails, letters, etc. all in an attempt to get them to back away from CISPA.
Widespread protest efforts were quite successful in bringing down the Stop Online Piracy Act (SOPA), but now we have to keep in mind that many of the corporations who were anti-SOPA are actually pro-CISPA.
This means that the public will have to be engaged to a much more significant degree in order to have an impact even remotely comparable to what we saw in opposition to SOPA and the Protect IP Act (PIPA).
The real reason that corporations who were against SOPA and PIPA but are now behind CISPA is because, unlike the previous legislation, it removes all liability from the corporations and shifts the regulatory pressure away from the company.
SOPA actually required private corporations to keep tabs on all of their user activity and made them liable for their users and their activities.
CISPA, on the other hand, shifts that responsibility away from the private corporations completely and hands that role over to a government entity.
This makes it so corporations are protected from lawsuits from a user who has their private information given to the government under CISPA.
“CISPA would allow ISPs, social networking sites and anyone else handling Internet communications to monitor users and pass information to the government without any judicial oversight,” according to the Activism Director for the Electronic Frontier Foundation (EFF), Rainey Reitman. “The language of this bill is dangerously vague, so that personal online activity — from the mundane to the intimate — could be implicated.”
What exactly does “dangerously vague” mean, you ask? Well, the EFF has done a fantastic job of explaining exactly what they mean.
CISPA would allow “access to any information regarding a ‘cyber threat’ is granted to the government, privacy security agencies and private companies.”
CISPA’s definition of a “cyber threat” is as follows:
- Efforts to disrupt or destroy government or private systems or networks.
- Theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
In this context, misappropriation means “wrongful borrowing” and intellectual property means anything protected by a copyright including programs like Photoshop and Microsoft Office, MP3s, television shows and movies, and absolutely anything in between.
The purposefully vague language of CISPA leaves room for abuse in the following ways (according to this informative infographic from the EFF):
The government, private security agencies (think HB Gary and many more), and private companies (which are already being brought into the fold) acting in “good faith” actually means maybe you did it (whatever it allegedly may be).
These entities can share “cyber threat information” which, in reality, is your personal information with other private companies, private security agencies and government entities.
They can do this all with total anonymity, meaning that they don’t have to tell you what they’re doing or if they’re sending your information to someone or even who they are sending it to.
It also gives these entities immunity to legal action, which means that you can’t take action against any of them, even if they made a mistake with your information.
“Any existing legal protections of user privacy will be usurped by CISPA. The bill clearly states that the information may be shared ‘notwithstanding any other provision of law,’” they add.
Recently, Joel Kaplan, Facebook’s vice president for U.S. public policy, attempted to reassure users. In my opinion, he failed miserably in attempting to say that it only would allow them to share information about possible cyber attacks while not forcing any new data sharing obligations, adding:
[W]e recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place — the additional information it would provide us about specific cyber threats to our systems and users.
EFF shot back in a quite thorough blog post entitled, “What Facebook Wants in Cybersecurity Doesn’t Require Trampling On Our Privacy Rights.”
They note that the government can already share information about supposed cyber threats with corporations like Facebook without “any of the CISPA provisions that allow companies to routinely monitor private communications and share personal user data gleaned from those communications with the government.”
They also make it very clear that they do not trust Facebook’s claims in writing:
But let’s be clear: Internet users don’t want promises from companies not to intercept our private communications and share that data with one another and the government. We want strong laws that make such egregious privacy violations illegal, that require the government to follow legal process (judicial oversight in most case), and that allow us or the government to sue persons who break the law. Ironically, hard-won, long-standing privacy laws—like the Wiretap Act and the Electronic Communications Privacy Act—already exist, although they are by no means ideal. There are already too many exceptions that allow the government to gain access to sensitive user data. But CISPA would upend these existing legal protections and leave the door wide open to companies handing sensitive personal information to the government without so much as a subpoena, let alone a warrant.
Considered together, this information paints nothing short of a disturbing picture. With Silicon Valley’s data mining capabilities more sophisticated than ever before, and with many peoples’ information being captured without their knowledge or consent, the information that will be readily available is almost incomprehensible in its scope.
The house will be voting on CISPA on April 23 and I highly recommend that you make an effort to put this legislation down before we see even more of our rights trampled on by our tyrannical federal government.
I’d love to hear your opinion, take a look at your story tips, and even your original writing if you would like to get it published. Please email me at [email protected]