CISPA is back. You might remember the bill as the Cyber Intelligence Sharing and Protection Act—or perhaps as "the worst privacy disaster our country has ever faced." Rep. Dutch Ruppersberger reintroduced the bill to the House Intelligence Committee on Friday under the auspices of preventing another Sony hack.
Silly Dutch. (The congressman is @Call_Me_Dutch on Twitter, so I'm calling him Dutch.) Why so silly? Well, in order to comprehend what Dutch is doing you have to understand what CISPA is supposed to accomplish. Hint: It has nothing to do with preventing another Sony attack.
CISPA is a privacy nightmare
You thought Facebook's privacy policy was bad? CISPA is a much-loathed piece of legislation that's ostensibly designed to protect the United States from cyberattacks by making it easier for agencies like NSA to obtain data from tech companies—or any company really. In polite terms, CISPA lets these companies share your data with government agencies, but in practice, government agencies can more or less force them to hand it over.
Do you really want Uncle Sam digging through your Facebook data or sifting through your Gmail inbox or reading your private Twitter messages? President Obama doesn't, and he threatened to veto the bill if it ever made it to his desk a couple years ago when CISPA was first introduced. The list of privacy advocates, lovers of liberty, and various other groups that opposed the legislation is pretty long, too.
CISPA is bullshit
The really maddening thing about CISPA isn't just that it gives government agencies access to your private, personal data; the Edward Snowden revelations already showed that they have plenty of that to begin with. It's how easy the bill would make that data collection and delivery. No subpoenas, no warnings, no protests, nothing. All your data are belong to the U.S.
CISPA is also super vague when it comes to justifying what constitutes a serious enough cyber threat to invade citizens' private places. The bill defines a "cyber threat intelligence" as "information… directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity." Okay, so that's pretty broad.
CISPA says that "cyber threat" could either be (a) "efforts to degrade, disrupt, or destroy such system or network" or (b) "theft or misappropriation of private or government information, intellectual property, or personally identifiable information." We can only assume that those definitions would be interpreted rather broadly by the NSA, given the NSA's precedent of the casting the widest possible net at all times.
CISPA is a pretend solution
Privacy advocates (including the president!) have made it clear that CISPA stomps all over civil liberties. What's even more absurd is that there's not really anything in the bill that would guarantee that the legislation would make the country any safer against cyberattacks.
Take the Sony hack, which, after all, is the inspiration for CISPA the Sequel. TechDirt's Mike Masnick makes a very salient point, when he explains that there's no indication that the would've stopped the Sony hack in the first place. Masnick writes:
CISPA is focused on getting companies to share more information with the government (including the NSA and DHS), but there's no indication that Sony would have actually opened up its network for the NSA to snoop through and find these hackers (wherever they might have come from). Even if Sony had opened up its system to the government, it seems unlikely that the NSA would have magically spotted this hack and done anything about it.
Instead, using the Sony Hack as a hook is a cynical political ploy for a losing idea that is designed to harm the public and take away their privacy.
A cynical political ploy, huh? Why would Dutch want to resurrect a cynical political ploy?
CISPA gets the NSA off the hook
So if the bill's so unpopular and awful, it seems like a pretty silly move for Dutch to reintroduce it. But think of it this way. The congressman literally represents the district in Maryland where the NSA is headquartered. Dutch also happens to be a senior Democrat on the House Intelligence Committee, and the bulk of his campaign contributions come from defense companies. More specifically, his pockets are lined with money from companies that stand to profit from aggressive cyber security spending. BAE Systems is a great example.
If the president keeps his promise, CISPA will never become a law. However, Dutch looks like a real team player to the intelligence and defense industries for championing a piece of legislation that might possibly make their jobs easier—regardless of whether it stomped all over Americans' civil liberties. Imagine: If CISPA were a law, maybe the NSA wouldn't have to apologize for spying on you all the time!
CISPA is a great excuse to come up with a real solution
Politics aside, it's clear that we could be doing more to protect ourselves against a cyberattack. Whether it committed the Sony hack or not, North Korea doesn't like us very much and has a lot of hackers at their disposal. Meanwhile, as Edward Snowden points out, the NSA and other intelligence agencies seem much more focused on surveillance than they do security.
So get mad about CISPA. Get mad and call your congressman. Because this threat to civil liberties could either be (a) a privacy nightmare that doesn't protect anybody at all or (b) a great excuse to figure out a plan that does protect us against a cyber attack. That's actually a good idea.