New Bill Lets Gov’t Collect All Your Private Cyber Info
The Cyber Intelligence Sharing and Protection Act (CISPA) says feds can ask ISPs and others for any info they want, and no restrictions on its use are currently in place.
By Constantine von Hoffman, CIO
The Cyber Intelligence Sharing and Protection Act (CISPA) is getting a lot of bipartisan support, but in reality it’s a nightmare that makes SOPA look practically benign in comparison.
The bill (HR3523) was introduced last December by Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), chair and minority leader of the House Intelligence Committee respectively, and it now has more than 105 co-sponsors along with a bunch of corporations backing it.
The bill, like so many bad ideas, has good some intentions: It is supposed to enhance information sharing for cybersecurity purposes between the private sector and the government, and it would authorize Internet service providers and other companies to share customer communications and other personally identifiable information with government agencies.
The bill would allow a broad swath of ISPs and other private entities to “use cybersecurity systems” to collect and share masses of user data with the government, other businesses, or “any other entity” so long as it’s for a vaguely-defined “cybersecurity purpose.” It would trump existing privacy statutes that strictly limit the interception and disclosure of your private communications data, as well as any other state or federal law that might get in the way.
The government can ask for this information based on two suspected infractions:
Efforts to degrade, disrupt, or destroy a government or private system or network; or
“Theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”
You don’t have to a lawyer to realize tha roughly translates into, “Anything we want.”
However, there would be some oversight. The bill initially stated taht the watchdog would be would be the Privacy and Civil Liberties Oversight Board which, as the EFF noted, hasn’t existed since January 2008. Our new protector would be the Inspector General of the Intelligence Community. Even if this IG wanted to be an aggressive regulator it would be tough. His or her authority is limited to an annual report for Congress.
Did you ever see the movie Brazil? In it one man’s life is ruined because of a misspelling on a government form. Now admittedly Brazil is a 1985 movie about a dystopia in which massive government bureaucracies are forced to guard national security using jury-rigged 1940’s technology. So we, with our state-of-the-fart government IT infrastructure, have nothing to worry about.