Dan Gilmor: What Is CISPA?
Cyber-security is a real problem, but Congress' latest bill tries to solve it by attacking the freedom of the internet.
If you are eligible to vote in the United States, please take a break from whatever you’re doing today and call your member of the US House of Representatives. Tell the staff member who answers the phone that you value your privacy. And tell him or her that you are deeply unhappy that the House seems poised to destroy everyone’s online – and by extension offline – privacy by passing the Cyber Intelligence Sharing and Protection Act (Cispa).
You might also mention that you’re not a “14-year-old tweeter in the basement,” which is how the chief backer of this wretched legislation has described its countless opponents.
The House is likely to vote on Cispa Thursday morning. On Tuesday, a committee rejected a collection of amendments aimed at fixing a bill whose main goal, purportedly, is to help the nation protect itself from malicious hackers, criminal and governmental. It invites companies like internet service providers to share information so they can coordinate defenses.
Worthy ideas in the abstract, but horrible in the details: cyber-security is a genuine concern, as we’ve seen repeatedly. But this bill is easily the worst attack on the open internet since the infamous Stop Online Piracy Act (Sopa), an online censorship bill that was killed in the wake of widespread opposition early last year.
As the Electronic Frontier Foundation’s Mark Jaycox put it in an open forum on Reddit last week, here are some of Cispa’s consequences:
Companies have new rights to monitor user actions and share data – including potentially sensitive user data – with the government without a warrant.
Cispa overrides existing privacy law, and grants broad immunities to participating companies.
Information provided to the federal government under Cispa would be exempt from the Freedom of Information Act (FOIA) and other state laws that could otherwise require disclosure (unless some law other than Cispa already requires its provision to the government).
Cispa’s authors argue that the bill contains limitations on how the federal government can use and disclose information by permitting lawsuits against the government. But if a company sends information about a user that is not cyberthreat information, the government agency does not notify the user, only the company.
The House bill’s sponsor, Michigan Republican Mike Rogers – the man who thinks you’re a juvenile if you want to protect your privacy – has consistently made clear his contempt for anyone who objects to Cispa – opponents including every civil liberties organization that matters and more than 70 security specialists, academics and policy experts (note: I’m a signer). When he dismisses common sense calls for fixing this bill in this way, you have to reach one of two conclusions: either he’s ignorant of what he’s doing, or he’s contemptuous not only of opposition, but also of fundamental liberty.
If Cispa passes in the House, as it’s likely to do, the next stop will be the Senate. Last year, when the same legislation came up, a Senate filibuster killed it. We cannot count on being so fortunate again. And please don’t assume that President Obama will follow through on Tuesday’s warning that he might veto the bill (pdf) if passed in its current form. This is a president, after all, who has made so many civil liberties vows that he later broke.
With this week’s Boston bombs and ricin scares, Congress is surely in its standard “do something to show we’re tough on security” mode. Cispa will have an easier time passing than it should as a result.
It’s up to all of us to say, “We’re not going to sacrifice all of our liberties for the illusion of safety.” If you value any semblance of privacy in our increasingly digital world, call your House member’s office.