Tag Archive: Cyber Intelligence Sharing and Protection Act

Apr 29 2012

Stop CISPA: What You Need to Know

CISPA, the cyber-security bill which threatens individual privacy rights on the internet, has passed the House, ignoring a possible veto, and will go to the Senate:

On a bipartisan vote of 248-168, the Republican-controlled House backed the Cyber Intelligence Sharing and Protection Act (Cispa), which would encourage companies and the federal government to share information collected on the internet to prevent electronic attacks from cybercriminals, foreign governments and terrorists.

“This is the last bastion of things we need to do to protect this country,” Republican Mike Rogers, chairman of the House intelligence committee, said after more than five hours of debate. [..]

The White House, along with a coalition of liberal and conservative groups and lawmakers, strongly opposed the measure, complaining that Americans’ privacy could be violated. They argued that companies could share an employee’s personal information with the government, data that could end up in the hands of officials from the National Security Agency or the defence department. They also challenged the bill’s liability waiver for private companies that disclose information, complaining it was too broad.

“Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity,” a coalition that included the American Civil Liberties Union and former conservative Republican representative Bob Barr, lawmakers said on Thursday.

CISPA Critics Warn Cybersecurity Bill Will Increase Domestic Surveillance and Violate Privacy Rights

As it heads toward a House vote, critics say the Cyber Intelligence Sharing and Protection Act (CISPA) would allow private internet companies like Google, Facebook and Microsoft to hand over troves of confidential customer records and communications to the National Security Agency, FBI and Department of Homeland Security, effectively legalizing a secret domestic surveillance program already run by the NSA. Backers say the measure is needed to help private firms crackdown on foreign entities – including the Chinese and Russian governments – committing online economic espionage. The bill has faced widespread opposition from online privacy advocates and even the Obama administration, which has threatened a veto. “CISPA … will create an exception to all existing privacy laws so that companies can share very sensitive and personal information directly with the government, including military agencies like the National Security Agency,” says Michelle Richardson, legislative counsel for the American Civil Liberties Union. “Once the government has it, they can repurpose it and use it for a number of things, including an undefined national security use.” [includes rush transcript]

Think Progress has a summery of what we need to know  about CISPA to fight to stop its passage:

  • CISPA’s broad language will likely give the government access to anyone’s personal information with few privacy protections: CISPA allows the government access to any “information pertaining directly to a vulnerability of, or threat to, a system or network of a government or private entity.” [..]
  • It supersedes all other provisions of the law protecting privacy: As the bill is currently written, CISPA would apply “notwithstanding any other provision of law.” [..]
  • The bill completely exempts itself from the Freedom of Information Act: Citizens and journalists have access to most things the government does via the Freedom of Information Act (FOIA), a key tool for increasing transparency.
  • [..]

  • CISPA gives companies blanket immunity from future lawsuits: One of the most egregious aspects of CISPA is that it gives blanket legal immunity to any company that shares its customers’ private information.
  • [..]

  • Recent revisions don’t go nearly far enough: In an attempt to specify how the government can use the information they collect, the House passed an amendment saying the data can only be used for: “1) cybersecurity; 2) investigation and prosecution of cybersecurity crimes; 3) protection of individuals from the danger of death or physical injury; 4) protection of minors from physical or psychological harm; and 5) protection of the national security of the United States.”
  • Citizens have to trust that companies like Facebook won’t share your personal information: CISPA does not force companies share private user information with the government. {..] Companies may not be legally required to turn over information, but they “may not be in a position to say no.”
  • Companies can already inform the government and each other about incoming cybersecurity threats: {..} opponents of the bill point out that “network administrators and security researchers at private firms have shared threat information with one another for decades.”
  • The internet is fighting back: The same online activists who fought hard against SOPA are now engaged in the battle over CISPA.
  • Most Republicans support CISPA, while most Democrats oppose it: Among congressmen that voted, 88 percent of Republicans supported the bill while 77 percent of Democrats opposed it.
  • President Obama threatened to veto it: Recognizing the threat to civil liberties that CISPA poses, President Obama announced this week that he “strongly opposes” the bill and has threatened to veto if it comes to his desk.
  • Join the Fight to Stop CISPA! Sign the petition:

    Save the Internet from the US

    Write your Senators

    Tell Congress: Keep My Inbox Away From the Government

    Apr 26 2012

    CISPA: Cybersecurity That Leaves Us All Unsecure

    Here we go again with the right to internet privacy and security for the individual being threatened by the government on behalf of corporations. On November 11 last year, the Cyber Intelligence Sharing and Protection Act was introduced in the House by U.S. Representative Michael Rogers (R-MI) and 111 co-sponsors. The bills supposed purpose would allow the voluntary sharing of attack and threat information between the U.S. government and security cleared technology and manufacturing companies to ensure the security of networks against patterns of attack.

    What does that mean, you ask? Well, as Rep. Ron Paul (R-TX) explains the bill would allow “both the federal government and private companies to view your private online communications without judicial oversight provided that they do so of course in the name of cyber-security.” Paul calls the CISPA the new SOPA:

    CISPA represents an alarming form of corporatism, as it further intertwines government with companies like Google and Facebook. It permits them to hand over your private communications to government officials without a warrant, circumventing well-established federal laws like the Wiretap Act and the Electronic Communications Privacy Act. It also grants them broad immunity from lawsuits for doing so, leaving you without recourse for invasions of privacy. Simply put, CISPA encourages some of our most successful internet companies to act as government spies, sowing distrust of social media and chilling communication in one segment of the world economy where America still leads.

    Proponents of CISPA may be well-intentioned, but they unquestionably are leading us toward a national security state rather than a free constitutional republic. Imagine having government-approved employees embedded at Facebook, complete with federal security clearances, serving as conduits for secret information about their American customers. If you believe in privacy and free markets, you should be deeply concerned about the proposed marriage of government intelligence gathering with private, profit-seeking companies. CISPA is Big Brother writ large, putting the resources of private industry to work for the nefarious purpose of spying on the American people. We can only hope the public responds to CISPA as it did to SOPA back in January. I urge you to learn more about the bill by reading a synopsis provided by the Electronic Frontier Foundation on their website at eff.org. I also urge you to call your federal Senators and Representatives and urge them to oppose CISPA and similar bills that attack internet freedom.

    This is CISPA (pdf):

  • CISPA could allow any private company to share vast amounts of sensitive, private data about its customers with the government.
  • CISPA would override all other federal and state privacy laws, and allow a private company to share nearly anything-from the contents of private emails and Internet browsing history to medical, educational and financial records-as long as it “directly pertains to” a “cyber threat,” which is broadly defined.
  • CISPA does not require that data shared with the government be stripped of unnecessary personally-identifiable information. A private company may choose to anonymize the data it shares with the government. However, there is no requirement that it does so-even when personally-identifiable information is unnecessary for cybersecurity measures. For example, emails could be shared with the full names of their authors and recipients. A company could decide to leave the names of its customers in the data it shares with the government merely because it does not want to incur the expense of deleting them. This is contrary to the recommendations of the House Republican Cybersecurity Task Force and other bills to authorize information sharing, which require companies to make a reasonable effort to minimize the sharing of personally-identifiable information.
  • CISPA would allow the government to use collected private information for reasons other than cybersecurity. The government could use any information it receives for “any lawful purpose” besides “regulatory purposes,” so long as the same use can also be justified by cybersecurity or the protection of national security. This would provide no meaningful limit-a government official could easily create a connection to “national security” to justify nearly any type of investigation.
  • CISPA would give Internet Service Providers free rein to monitor the private communications and activities of users on their networks. ISPs would have wide latitude to do anything that can be construed as part of a “cybersecurity system,” regardless of any other privacy or telecommunications law.
  • CISPA would empower the military and the National Security Agency (NSA) to collect information about domestic Internet users. Other information sharing bills would direct private information from domestic sources to civilian agencies, such as the Department of Homeland Security. CISPA contains no such limitation. Instead, the Department of Defense and the NSA could solicit and receive information directly from American companies, about users and systems inside the United States.
  • CISPA places too much faith in private companies, to safeguard their most sensitive customer data from government intrusion. While information sharing would be voluntary under CISPA, the government has a variety of ways to pressure private companies to share large volumes of customer information. With complete legal immunity, private companies have few clear incentives to resist such pressure. There is also no requirement that companies ever tell their customers what they have shared with the government, either before or after the fact. As informed consumers, Americans expect technology companies to have clear privacy policies, telling us exactly how and when the company will use and share our personal data, so that we can make informed choices about which companies have earned our trust and deserve our business.
  • On Wednesday the White House Office of Management and Budget issues a lengthy statement in opposition to CISPA and a threat to veto the bill:

  • “H.R. 3523 fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards. […]”
  • “The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes. […]”
  • It would “inappropriately shield companies from any suits where a company’s actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life. […]”
  • And finally, it “effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. […]”
  • “If H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill,” OMB
  • said.

    h/t to Joan McCarter at Daily Kos for the summery

    We at The Stars Hollow Gazette and Docudharma strongly oppose CISPA and urge you to contact your Congress person:

    Tell Congress: Keep My Inbox Away From the Government

    and to sign the petition:

    Stop CISPA