Once upon a time in America, there was a bill called the Stop Online Piracy Act. The bill was seen as so evil and vile that common men and women rallied against it alongside massive companies such as Google and Facebook. Terrified by the fierce backlash, Congress locked away the hated bill, thus saving Internet privacy forever.
Or so we thought. Last Thursday, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act. This law, known as CISPA, is a frightening miscarriage of privacy law that makes SOPA seem benevolent in comparison. You’re forgiven if you haven’t heard of CISPA. After all ,there have not been massive online protests seen like last time around. There have been no Wikipedia blackouts, no protest Doodles from Google. The lack of outrage is simple;:the potential victims of this new attack on privacy aren’t websites. The victims are American citizens who use the Internet.
SOPA, along with Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act and the international treaty Anti-Counterfeiting Trade Agreement, aimed to shut down websites hosting copyrighted content. CISPA, on the other hand, aims to protect cybersecurity by allowing corporations to record their users’ data. The data can then be shared with other companies that might be at risk of similar cyber attacks, as well as with the National Security Agency.
Basically, any website you use can record all of your private data, such as personal messages, pictures, contact information, anything. It can then take said data and do whatever it wants with it. The company can store it for a rainy day. It can share the data with other companies with the auspice of sharing information for protection from cyber attacks. And companies can give information to the federal government.
Think of it as a wiretap. If the FBI suspects you’re up to no good, it can ask a judge for a warrant to wiretap your phone by presenting probable cause. The FBI can then eavesdrop on your phone conversations. Now, imagine a new law that allows your phone company to automatically record all of your conversations, no warrants or probable cause needed. Then the FBI can simply ask for those recordings, effectively circumventing any concept of due process, privacy or individual rights.
CISPA works by allowing companies to record whatever they want. There is no risk to them if they track personally identifiable information that has nothing to do with cybersecurity. The federal government, specifically the NSA, can then ask for a copy of that information. The key here is that the NSA can’t force companies to give the information, and some companies such as Facebook have pledged not to do so.
And maybe you think all the companies’ websites you visit, as well your Internet provider, have your best interests at heart and will defy the federal government to protect your personal privacy. In that case, you have nothing to worry about. But maybe you don’t trust those multibillion dollar corporations to really protect you. Maybe, as CNET pointed out, you remember how in 2006 AT&T, Verizon and BellSouth voluntarily gave the NSA phone call records of tens of millions of Americans. Or you may remember when in 2007, Verizon admitted to releasing phone records to federal agencies without asking for a court order as required by law.
As many critics have argued, the act is written in language so vague it is hard to know what exactly would happen if it were to become law. The likeliest outcome seems to be that private companies would begin to gather customers’ personal data regardless of whether they plan to share it. Once they have this private information it’s hard to imagine they would deny the federal government access to it. After all, they want to seem patriotic and keep up the perception they are doing this for the greater good. It also seems unlikely that corporations such as Facebook, which thrive on personal data, would sit idly by on this treasure trove of information about its users it could never have legally acquired before.
Whatever the real outcome, this act cannot be allowed to become law. Today it sits in the Senate awaiting vote, despite President Barack Obama’s veto threat. Token amendments have been proposed to make this intolerable breach of personal privacy more palatable. But the core concept of allowing private companies to spy on American citizens for the federal government is one we cannot allow to happen. Whatever threats to cybersecurity this bill claims to prevent, the threats to freedom and justice are far greater.