CISPA, a terrible bill that would let websites hand over your personal data to the government with little oversight, just passed the US House of Representatives. That's not good.
Although the vote was scheduled for tomorrow, in something of a surprise, it took place today and passed the House 248-168.
The bill is still unabashedly a violation of your privacy rights -- nearly anything you say or do online can be handed over to the government without so much as a warrant -- although the version of the bill that passed this afternoon is both better and worse than it had been in its original form. As CNET points out, one amendment was withdrawn before the proceedings that would have given the Department of Homeland Security sweeping and, more importantly, superseding authority. When it was in, CISPA would have been a DHS trump card, essentially, overruling any local or state legislation that contradicted it. That's gone.
That doesn't, though, mean that you should stop worrying about CISPA. As the EFF makes all too clear, the truly concerning parts of the bill -- the ones that give the government the right to conduct surveillance on your internet everything without your knowledge or permission -- are firmly in place.
Weighing even more heavily on the scary side of the ledger was an amendment from Rep Ben Quayle (R - AZ) that broadened those activities that would fall under government jurisdiction and surveillance. As TechDirt observes:
Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.
Quayle, who was also a co-sponsor of SOPA, effectively made it so that any suspicion of anything illegal on the internet -- not just the vague Chinese cyber warfare threats the bill had built its stature on -- is enough for the government to go through your entire online life.
What's perhaps most surprising, and in some ways most damning, about today's vote was the timing. It had been planned for tomorrow, Friday, for some time, and was pushed up just this afternoon. And concluded, conveniently, after many voters had long since stopped paying attention to the news. By tomorrow morning, it will have been washed away by a fresh news cycle and three day weekends and general Friday apathy.
That doesn't mean that CISPA is a fact of life now, though. Far from it. The majority Democratic Senate has yet to vote, and even if it manages to pass both legislative bodies, President Obama has already promised a veto.
Unlike SOPA, against which much of the tech community rallied, most internet heavyweights have expressed their support for CISPA. Some notables include:
AT&T Boeing CTIA - The Wireless Association Cyber, Space & Intelligence Association Facebook IBM Independent Telephone & Telecommunications Alliance Information Technology Industry Council Intel Internet Security Alliance Lockheed Martin Microsoft National Cable & Telecommunications Association Oracle Symantec TechAmerica US Telecom - The Broadband Association Verizon
And that's far from the complete list.
Comparisons between SOPA and CISPA have been cropping up, and they're inevitable because they're both an uncomfortable and disquieting intersection of government and internet. But the two bills are also different in crucial ways. Where SOPA aimed to prosecute, CISPA will spy. Where citizens rallied against SOPA in final days before voting, CISPA has remained largely off the radar. Where tech giants stood up against SOPA, they've lined up to join the CISPA caravan.
Where does that leave us? One step closer to an online police state that borders on the dystopian. And that's not hyperbole; that just what happens when people who both fundamentally and wilfully misunderstand the nature of the interent try to regulate it. Your entire life is online. And unless the US Senate takes a stand, or Obama follows through on his veto promise, it'll soon be an open book to the US government.
What is CISPA?
CISPA is a proposed national "cyber security law" bouncing around the US Congress...
The intent of the Cyber Intelligence Sharing and Protection Act, introduced by US Representative Michael Rogers (R-MI), is to protect America's internet interests (both governmental and our precious YouTubes) against attacks. It's technically an amendment to the National Security Act of 1947, but would have sweeping 21st century consequences. Rogers cites China as a main threat -- conventional wisdom does say they're constantly trying to breach American networks, along with Russia and Iran -- but this goes way beyond Cold War hack paranoia, and into your laptop.
...that would let websites you use hand over your personal data and read your email...
The scariest part of CISPA is how astonishingly broad and loose it is, like some sort of giant, poorly built rope bridge. Over a volcano. CISPA would permit any private company (Facebook, YouTube, Instagram, Pinterest, Google, you name it) to give away any and all data it's collected on you when asked by a government agency. Literally any government agency. This data would then head to the Department of Homeland Security.
...based on very vague terms...
CISPA says companies need to give up your information only in the face of a "cyber threat". So, what is a "cyber threat"? Nobody really knows! The bill defines it as "efforts to degrade, disrupt or destroy government or private systems and networks". In other words, trying to do bad stuff on the internet, or even just talking about it. Ideally, this would be narrowed to specific malicious LulzSec stuff like DDoS attacks, but it's not. It can be almost anything!
...with very little oversight...
Would Facebook need to be given a warrant or subpoena before spilling your data to the feds? Nope! Would you ever be informed that you data had been released? Nope! What if you think the government has accessed your personal stuff without cause? Too bad! They're 100 per cent immune, as long as the groups involved acted in "good faith", which legally means pretty much zilch. All previous laws that protected your privacy against government eavesdropping, like the Wiretap Act and the Electronic Communications Privacy Act, would be overridden.
...and some powerful backers...
Facebook, Google and Microsoft all support CISPA. Why? Because they don't want to get hacked, and they think this will keep them safe(r). Are they right in this? Maybe, but they're also ignoring the government can look at anything they want whenever they want however they want aspect of the bill.
...and one very, very powerful critic. The President Of The United States.
The White House is having none of this CISPA nonsense:
Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation's core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form.
President Obama says he'll veto the bill if it lands on his desk.
But! Lets try to make sure it doesn't get that far: For any US residents who might be reading this (given that a bill that affects companies that operate out of the US but service Australia logically affects Australia as well) the EFF has an easy tool to find representatives so you can tell him and/or her that you don't want to be sold out by Facebook and spied on by the government.