CISPA: The Awful Anti-Privacy Law That Won't Prevent Another Sony Hack

CISPA: The Awful Anti-Privacy Law That Won't Prevent Another Sony Hack

CISPA is back. You might remember the US bill as the Cyber Intelligence Sharing and Protection Act -- or perhaps as "the worst privacy disaster [the United States] has ever faced." Rep. Dutch Ruppersberger reintroduced the bill to the House Intelligence Committee on Friday under the auspices of preventing another Sony hack.

Silly Dutch. (The congressman is @Call_Me_Dutch on Twitter, so I'm calling him Dutch.) Why so silly? Well, in order to comprehend what Dutch is doing you have to understand what CISPA is supposed to accomplish. Hint: It has nothing to do with preventing another Sony attack.

CISPA is a privacy nightmare

You thought Facebook's privacy policy was bad? CISPA is a much-loathed piece of legislation that's ostensibly designed to protect the United States from cyber attacks by making it easier for agencies like NSA to obtain data from tech companies -- or any company really. In polite terms, CISPA lets these companies share your data with government agencies, but in practice, government agencies can more or less force them to hand it over.

Do you really want Uncle Sam digging through Facebook data, sifting through Gmail inboxes or reading private Twitter messages? President Obama doesn't, and he threatened to veto the bill if it ever made it to his desk a couple years ago when CISPA was first introduced. The list of privacy advocates, lovers of liberty and various other groups that opposed the legislation is pretty long, too.

CISPA is bullshit

The really maddening thing about CISPA isn't just that it gives government agencies access to private, personal data; the Edward Snowden revelations already showed that they have plenty of that to begin with. It's how easy the bill would make that data collection and delivery. No subpoenas, no warnings, no protests, nothing. The US owns that data.

CISPA is also super vague when it comes to justifying what constitutes a serious enough cyber threat to invade US citizens' private places. The bill defines a "cyber threat intelligence" as "information... directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity." OK, so that's pretty broad.

CISPA says that "cyber threat" could either be (a) "efforts to degrade, disrupt, or destroy such system or network" or (b) "theft or misappropriation of private or government information, intellectual property, or personally identifiable information." We can only assume that those definitions would be interpreted rather broadly by the NSA, given the NSA's precedent of the casting the widest possible net at all times.

CISPA is a pretend solution

Privacy advocates (including the president!) have made it clear that CISPA stomps all over civil liberties. What's even more absurd is that there's not really anything in the bill that would guarantee that the legislation would make the US any safer against cyberattacks.

Take the Sony hack, which, after all, is the inspiration for CISPA the Sequel. TechDirt's Mike Masnick makes a very salient point, when he explains that there's no indication that the would have stopped the Sony hack in the first place. Masnick writes:

CISPA is focused on getting companies to share more information with the government (including the NSA and DHS), but there's no indication that Sony would have actually opened up its network for the NSA to snoop through and find these hackers (wherever they might have come from). Even if Sony had opened up its system to the government, it seems unlikely that the NSA would have magically spotted this hack and done anything about it.

Instead, using the Sony Hack as a hook is a cynical political ploy for a losing idea that is designed to harm the public and take away their privacy.

A cynical political ploy, huh? Why would Dutch want to resurrect a cynical political ploy?

CISPA gets the NSA off the hook

So if the bill's so unpopular and awful, it seems like a pretty silly move for Dutch to reintroduce it. But think of it this way. The US congressman literally represents the district in Maryland where the NSA is head-quartered. Dutch also happens to be a senior Democrat on the House Intelligence Committee, and the bulk of his campaign contributions come from defence companies. More specifically, his pockets are lined with money from companies that stand to profit from aggressive cyber security spending. BAE Systems is a great example.

If the president keeps his promise, CISPA will never become a law. However, Dutch looks like a real team player to the intelligence and defence industries for championing a piece of legislation that might possibly make their jobs easier -- regardless of whether it stomped all over Americans' civil liberties. Imagine: If CISPA were a law, maybe the NSA wouldn't have to apologise for spying on you all the time!

CISPA is a great excuse to come up with a real solution

Politics aside, it's clear that the US could be doing more to protect itself against a cyber attack. Whether it committed the Sony hack or not, North Korea doesn't like America very much and has a lot of hackers at their disposal. Meanwhile, as Edward Snowden points out, the NSA and other intelligence agencies seem much more focused on surveillance than they do security.