Boston, Donuts and CISPA
STORY BY David Vyorst
Published: April 21, 2013
Last week, before the Boston drama had played out, a friend’s post on Facebook piqued my interest. She described the logistics that the Boston Marathon bombers would have to have taken into account and then commented, “Hate to say it, but there's a very specific googling pattern here ... Not that I'm promoting invasion of privacy, but since it's already happening why not put it to good use.”
Two days later, CISPA, or the Cyber Intelligence Sharing and Protection Act (HR 624), passed in the U.S. House of Representatives. The thing about CISPA is that it enhances what my Facebook friend described as already happening. More specifically, it enhances huge Internet companies’ (read Google, Facebook, Amazon, and Twitter) ability to share personally identifiable data with the feds.
CISPA is a cyber security bill, purportedly a response to the massive hacking and various cyber attacks that have been made against U.S.-based assets recently. These threats are real and substantial, and our government should be taking active and aggressive actions, both offensive and defensive, to combat them. However, CISPA provides a blank check of broad protections to companies that share your data with various government agencies. According to the Electronic Frontier Foundation:
It is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws.
CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files.
CISPA V. SOPA
Last year’s defeat of the Stop Online Piracy Act (SOPA) was hailed as a great triumph for the cyber-activist forces of democracy. Along with well-publicized blackouts of Google, Wikipedia, Reddit, and an estimated 7,000 other sites on January 18, 2012, millions participated in activism both on and offline, causing a tsunami of opposition that rendered the bill politically toxic. Heavily backed by the entertainment industry, SOPA sought to curb digital piracy and counterfeiting, and it struck a deep nerve in the Internet consciousness because it could have given government the authority to interfere with ISPs, DNS resolution, search engine listings and more - all in the name of protecting Hollywood and the music business.
This time, industry has largely fallen in line. Last week an industry group, TechNet, that has “Yahoo's Marissa Mayer, Google's Eric Schmidt and Microsoft General Counsel Brad Smith” on its executive council, sent a letter to the bill’s sponsors to let them know that they were on board with “voluntary, bi-directional, real time sharing of actionable cyberthreat information to protect networks”. This time there will be no Google blackout.
The bill’s supporters include “behemoths like the Chamber of Commerce, IBM, which sent nearly 200 executives to Capitol Hill Monday to advocate for passage. Also backing CISPA: major tech, telecom and financial companies, a Who's Who of the biggest spenders on Washington lobbying”. These Washington special interests spent over $605 million from 2011 through the 3rd quarter of last year lobbying for CISPA, compared to $2.7 million spent by civil liberties groups.
Almost as troubling is the timing and how the bill’s supporters in the House leveraged the Boston Marathon bombing to pass the bill while the world was distracted.
A privacy expert friend of mine commented to me on Facebook that most Americans think they’ve got nothing to hide. Let the government spy on me if it’ll “prevent another 9/11 or Boston.” We are in fact willing to give up our freedoms when we’re in a heightened state of fear from these attacks and the media spasm that necessarily bleeds forth from them. An entire city was in lockdown for days to catch one kid (albeit a heavily armed kid).
Boston need not have been locked down (you gotta read the post linked to here – did you know they kept the Dunkin Donuts open!) and the feds don’t need the authority to spider your email to stop Chinese hackers. In fact, the legendary Mandiant report that exposed Chinese hackers “is just one of many instances where companies have shared a great deal of useful threat information without authority beyond what is granted to them by current law.”
The real danger is in passing anything that limits protections of privacy or civil liberties during the panic and media feeding frenzy following an attack like this. CISPA is dangerous because in its current form it removes due process from the total negation of these civil protections online. And it is exactly due process that delineates democracy from authoritarianism by preventing the arbitrary use or abuse of power. History teaches us that when political leaders leverage terrorist acts, violence, or fear to restrict individual liberties, the results are seldom good.