The Cyber Intelligence Sharing and Protection Act (CISPA) is getting a lot of bipartisan support, but in reality it’s a nightmare that makes SOPA look practically benign in comparison.
The bill (HR3523) was introduced last December by Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), chair and minority leader of the House Intelligence Committee respectively, and it now has more than 105 co-sponsors along with a bunch of corporations backing it.
The bill, like so many bad ideas, has good some intentions: It is supposed to enhance information sharing for cybersecurity purposes between the private sector and the government, and it would authorize Internet service providers and other companies to share customer communications and other personally identifiable information with government agencies.
The problems? Here’s what the EFF had to say:
The bill would allow a broad swath of ISPs and other private entities to "use cybersecurity systems" to collect and share masses of user data with the government, other businesses, or "any other entity" so long as it’s for a vaguely-defined "cybersecurity purpose." It would trump existing privacy statutes that strictly limit the interception and disclosure of your private communications data, as well as any other state or federal law that might get in the way.
The government can ask for this information based on two suspected infractions:
- Efforts to degrade, disrupt, or destroy a government or private system or network; or
- “Theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”
You don’t have to a lawyer to realize tha roughly translates into, “Anything we want.”
However, there would be some oversight. The bill initially stated taht the watchdog would be would be the Privacy and Civil Liberties Oversight Board which, as the EFF noted, hasn’t existed since January 2008. Our new protector would be the Inspector General of the Intelligence Community. Even if this IG wanted to be an aggressive regulator it would be tough. His or her authority is limited to an annual report for Congress.
Doesn’t that make you feel better?
But wait, as the commercials say, that’s not all.
Once this information is handed over, the government can do pretty much whatever it wants with it. Data wouldn’t have to be used for cybersecurity, but could be used for any purpose that is not specifically prohibited.
Did you ever see the movie Brazil? In it one man’s life is ruined because of a misspelling on a government form. Now admittedly Brazil is a 1985 movie about a dystopia in which massive government bureaucracies are forced to guard national security using jury-rigged 1940’s technology. So we, with our state-of-the-fart government IT infrastructure, have nothing to worry about.
PS: If you're confused by all the different dumb cyber bills under consideration the ACLU has come to your rescue with this handy dandy chart that compares and contrasts them. Also you can follow the progress of this bill at Govtrack. Or you can watch paint dry.