- Development & Aid
- Economy & Trade
- Human Rights
- Global Governance
- Civil Society
Thursday, May 5, 2016
- For the second year in a row, activists have successfully defeated a proposal to allow Internet companies to provide customers’ private information to government agencies and each other without risking violation of privacy laws and agreements.
The Cyber Intelligence Sharing and Protection Act (CISPA), HR 624, passed the U.S. House on Apr. 18 in a 288-127 vote. Most Republicans and just under half of Democrats supported the measure.
CISPA had been referred to the Senate Intelligence Committee, but the Senate was unable to support the House version and had yet to come up with its own proposal.
CISPA is not expected to resurface again as a single comprehensive bill on cybersecurity, but will likely be taken up as multiple pieces of legislation dealing with different aspects of cybersecurity.
President Barack Obama announced his opposition to, and threatened to veto, CISPA, both before the House Committee vote and again after it.
“The Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill,” the White House wrote in a policy statement dated Apr. 16.
“Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government,” the White House wrote.
According to the American Civil Liberties Union (ACLU), that is one of several improvements – although, in the group’s opinion, still inadequate – that were made to the bill in the House Permanent Select Committee on Intelligence.
As for the purposes for which the information could be released or used, “They had this catch-all, for national security purposes, that wasn’t defined. Based on how the government has defined national security in the past, with the Patriot Act, we thought that was a very big loophole, so they sort of struck that out altogether,” Michelle Richardson, legislative counsel for the ACLU, told IPS.
The White House echoed many of the same concerns raised by such advocacy groups as the ACLU, the Campaign for Liberty, Demand Progress, Democrats.com, a progressive organisation not affiliated with the Democratic Party, and the Electronic Frontier Foundation, as well as the Libertarian Party of the U.S.
Demand Progress sent out a petition to its 1.5 million members and around 200,000 signed a petition opposing CISPA, co-founder David Segal told IPS. Demand Progress is a civil liberties advocacy group co-founded in 2010 by Segal and the late Aaron Swartz.
Swartz is an Internet activist who committed suicide in January 2013 after being threatened with federal prison time for releasing copywrite-protected academic journal articles from the website JSTOR to the public for free.
Demand Progress first began organising in 2010 around the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), two other bills dealing with government regulation of online freedom that were defeated in January 2012.
However, Segal says there has been a crucial difference between the organising efforts around SOPA and PIPA, which had to do with the government’s ability to block certain websites, and CISPA, which has to do with the government’s ability to obtain private information.
“The opposition to SOPA was so severe, we haven’t had to worry for the last year. This one [CISPA], the military-industrial complex, corporations, including web platforms that were against SOPA, are for CISPA, explicitly or tacitly,” Segal said, referring to companies like Amazon.com and Google.
“Those platforms, for the most part, are not opposing CISPA, or are supporting it. It gives them greater immunity from users if they share users’ information with the government,” he said.
The ACLU noted additional improvements were made to the bill in House committee, but still called it “scary”.
“They did say that the government does need to promulgate minimisation procedures, the idea that there would be an overarching set of rules to limit the sharing and use of personal data,” Richardson said.
“It’s also fixed to say as far as private is concerned, if you receive information from another company, you can only use it for cybersecurity purposes. They could have used it for marketing, or sold it to data-brokers,” she said.
Even with the changes, the CISPA proposal was “really scary because cybersecurity truly does affect us all. While the bill’s sponsors talk about China hacking in or a terrorist organisation taking down the grid, they’re writing legislation that’s much broader and encompassing bad acts on the Internet, phishing scams, and malware,” she said.
Anybody whose computer became targeted by a virus – meaning most, if not all, computers – would be subject to having their information released.
“I have started those Viagra [spam] emails, I keep getting through my work account. You could get a Nigerian Prince [scam] email. You’re on Facebook and there’s those viruses that say, ‘Oh my God, you have to watch these videos.’ All of these are everyday, just basic crimes, all of those things also implicated by this bill,” she said.
Richardson said that because the proposed law did not mandate that private companies turn over the information – and instead only provided legal protections for companies that would choose to voluntarily do so – the bill was an attempt to circumvent the Fourth Amendment to the constitution, which protects U.S. citizens from warrantless searches and seizures.
The ACLU further outlines their concerns regarding CISPA in a series of blog posts.
Segal also has raised concerns about the recent bombing in Boston, Massachusetts, being used by some as a backdrop to rush CISPA through Congress with little or no public debate.
“Some number of people who supported the legislation were invoking the bombings. It was up for a vote anyway, it was pre-scheduled. Some people were swayed to vote for it, because of the atmospherics of the bombing and they were called by other people in Congress,” Segal said.