Rep. Mike Rogers (R-Mich) introduced the Cyber Intelligence Sharing and Protection Act (CISPA) and, with over 100 cosponsors, Congress appears to be in support of this new cybersecurity legislation. However, their surprise at the public backlash over the proposed bill is amazing. You’d think they would have learned something from the web-based activism against SOPA.
The Stop Online Piracy Act (SOPA) was designed, as the name suggests, to combat the theft of intellectual property through websites like the Pirate Bay. As I discussed in my article several months ago, SOPA attempted to solve the problem at the expense of Internet innovation, holding companies accountable for the content their users submit. CISPA, on the other hand, works to combat cybersecurity threats.
The objectives of the respective bills aside, CISPA presents the same threat to privacy and personal liberty on the Internet that SOPA did. To put it simply, Congress is taking essentially the same enforcement mechanisms used in SOPA that were designed combat online piracy to combat cybersecurity threats in CISPA. No one will make the argument that the theft of intellectual property is not a legitimate concern, nor would anyone say that preparing the online infrastructure against cyber-attacks shouldn’t be an important priority of Congress in the coming years. However, it wasn’t the objective of the bill that people disagreed with when they protested against SOPA. It was the means by which Congress proposed enforcing the legislation.
CISPA isn’t dangerous because it attempts to combat cybersecurity threats; those threats are a legitimate concern. CISPA is dangerous because of its overly broad definition of what constitutes a threat. The bill’s creation of the term “cyber threat intelligence,” defined as “theft or misappropriation of private or government information, intellectual property, or personally identifiable information,” is only one of the many complaints about CISPA. If CISPA were solely about cybersecurity in protecting the infrastructure of the web, why is intellectual property in the bill? In defining a “cyber threat” as the misappropriation of government information, sites like Wikileaks could be deemed “threats” even though they help sustain the transparency that makes our democracy healthy .
CISPA attempts to curb cyberattacks is through information sharing between the private sector and the government, which is not necessarily a bad idea. However, people are justifiably concerned about an overly broad definition of “cyber threat intelligence,” which could eliminate individuals’ abilities to protect their information. Under the bill, an individual could not sue a private company for releasing personal information to the government or to other private companies. Individuals have no oversight over Internet service providers (ISPs) or what ISPs share.
Defenders of the bill claim that their terminology is broad so that Congress won’t have to renew the bill as new technology emerges, but this completely misses two major points. First, such overly broad definitions can be used inappropriately; for example, ISPs could provide the government with a user’s browsing history (something that currently requires a warrant). Second, and equally important, is that Congress should be forced to reexamine the issue as time goes on, rather than accepting existing policy as suitable regardless of whichever new technologies emerge.
At the heart of the disagreement over CISPA is the fundamental view Internet-users have that Congress does not seem to understand. We expect our right to free speech to extend to the Internet in full, desire a reasonable expectation of privacy while using the web and balk at any attempt by the federal government to monitor, censor or in any way control the content of the web without engaging in due process.
The interesting turn of events between SOPA and CISPA is the support of corporations. A number of companies that were initially against SOPA have announced their approval of CISPA and have even written letters of support to Congress. It will be interesting to see how this affects the progression of the legislation, as will the response from the online community.