Why CISPA Could Do More Harm Than Good

    April 25, 2012
    Abby Johnson

Are you familiar with the Cyber Intelligence Sharing and Protection Act? The bill, which is more commonly known as CISPA, is getting a considerable amount of criticism from both Internet and consumer advocates. Many of these groups are equating it with SOPA and are hoping that it will receive the same outcome.

CISPA, along with other cybersecurity bills, has recently moved front and center as cyber threats have grown more prevalent. Numerous lawmakers are pushing for legislation in hopes of lessening the concerns.

But, what would CISPA actually do? And, would it have the same impact that SOPA would have had? According to the bill itself, the goal is:

“To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.”

How do you feel about CISPA? Are you for or against it? Why or Why not? Please share.

Aside from the Internet-related legislation, CISPA is not very similar to SOPA. CISPA is geared toward cybersecurity concerns and, primarily, the sharing of cyber threat information between the private sector and the government. SOPA, on the other hand, was focused on intellectual property and was pushed by the entertainment industry to address piracy issues.

“The bills don’t have many similarities beyond the basic idea that they are both forms of government overreach,” Ryan Radia, the Associate Director of Technology Studies at the Competitive Enterprise Institute (CEI), told WebProNews.

The reason, however, that so many have associated the bills with each other is due to the implications they would have. According to Radia, the basis of CISPA is well intentioned, but the wording of it is dangerous.

As he explained to us, even though the bill has had multiple amendments, it is still too vague. The main controversy is in how “cyber threat information” would be interpreted and, also, what the government would do with it.

“The information that you hand over to, say, Google, Facebook, Yahoo, etc., may have some nexus to a so-called cyber threat – that information could end up in the government’s hands not only for use in fighting off cyber attacks, but for use in, say, run of the mill criminal prosecutions,” said Radia.

For instance, he told us that language such as “unauthorized access” could not only apply to hackers, but that it could also apply to users stretching the truth online. In other words, it could give the government access to Facebook users who lie about their age or to people who use their employer’s computers to watch YouTube videos.

“Should lying about your age and weight on an online dating site be a federal crime?” asked Radia. “I don’t think so… this bill doesn’t make it a crime but gives government access to information that could relate to such crimes.”

With this broad language, CISPA could drastically change all existing laws pertaining to criminal, civil, statutory, contractual, and various other cases. Although the government would not be able to use the information it receives for regulation purposes, Radia told us that CISPA would be a “prosecutor’s dream” since they could avoid obtaining court orders and other forms of red tape.

As a result of these implications, privacy activists believe CISPA is a violation of consumer privacy rights. Radia agrees, saying it poses “a very real risk to privacy.”

“Under CISPA, we could see a whole host of information being shared with the government in ways that do represent a very real threat to privacy and that offend the basic 4th Amendment principle that we should be free from unreasonable searches,” said Radia.

There are numerous petitions to stop CISPA, including one from Demand Progress and one from Avaaz. The Electronic Frontier Foundation (EFF) has also been particularly outspoken about the harm CISPA would bring and even launched a campaign last week in protest of the bill. The EFF is hoping to give the government too much information in the form of its CongressTMI hashtag in order to “showcase the types of unnecessary private data that could be swept up under CISPA.”

Wherever You Go, Whatever you do, Whoever you are, You are under surveillance! #StopCISPA #CongressTMI #CISPA http://t.co/OPpwXJm3

Mad about #CISPA ending your privacy? Show Congress how annoying your data is – like a DDoS of boring! #CongressTMI http://t.co/PMI0SgH4

.@EricCantor #EndingOurPrivacy with #CISPA? OK: Just took my dogs out. #CongressTMI. http://t.co/s3isYWDd

.@frankguinta Does the NSA really need to know I write posts related to political topics? #CongressTMI Stop #CISPA https://t.co/P88YCbf2

While these campaigns to stop CISPA are reminiscent of the Internet blackout in January in protest of SOPA, the Internet community has been less than active with regard to this latest piece of legislation. If you recall, almost every corner of the Internet had some form of protest, from Reddit going dark to the Internet community creating memes in protest of SOPA.

It’s not entirely clear if it’s due to apathy or just ignorance of the bill, but CISPA doesn’t face as much criticism from the Internet as a whole as SOPA did. The Avaaz petition, which is also referenced on Reddit’s front page, has over 700,000 signatures, but it pales in comparison to the anti-SOPA petition that received over 3 million signatures. It’s clear that many people just don’t see the same threat in CISPA that they did in SOPA.

Incidentally, Tim Berners-Lee, who is one of the “fathers of the World Wide Web,” recently spoke to the Guardian and expressed his concern for CISPA.

“[It] is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world. Even though the Sopa and Pipa acts were stopped by huge public outcry, it’s staggering how quickly the US government has come back with a new, different, threat to the rights of its citizens.”

Unlike SOPA, Internet giants such as Google and Facebook support CISPA, which has produced a divided perspective from the Internet community. Radia, however, told us that many of these companies are backing the bill for its core purpose – to make sharing information easier.

“Companies aren’t supporting this generally because they really want to screw consumers or take away their privacy, but rather, they want more freedom to share information,” he said.

“How much is less clear,” Radia continued. “This bill would give them, perhaps, too much freedom and give government too much freedom.”

In addition to CISPA, there are several other cybersecurity bills in Congress. One is the Cybersecurity Act of 2012, which takes a regulatory approach to cybersecurity and is backed by Sens. Joe Lieberman and Susan Collins. Senator John McCain has also introduced a bill called the Secure IT Act that focuses on information sharing and gives more power to the private sector instead of the government.

Other bills, including the Security Amendments Act of 2012, the Cybersecurity Enhancement Act, and the Precise Act, are also being discussed but have not received as much media attention as the others.

“Every one of these bills has a broad immunity grant for private sector information sharing with government,” said Radia. “None of them, in their current versions, have careful limits on the use and on… the conditions the government can place on private entities.”

He believes that the Precise Act is the best one introduced up to this point but that even it borrows from the broad language of CISPA.

In spite of all this focus on cybersecurity, Jerry Brito, the Director of the Technology Policy Program at George Mason University, recently told us that the rhetoric in Washington about it is being overblown.

“There really is little evidence for us to believe that we are on the brink of real calamity,” said Brito.

Radia agrees with Brito and even suggested that cybersecurity legislation may not provide a real solution to the concerns. He, like Brito, is not convinced that a law, especially one of the bills already introduced, would actually reduce cyber threats.

“What we need is a rifle shot – a narrow, careful target approach to ensure that the very specific types of cyber threat information are being shared with private entities and with government,” he pointed out.

In terms of CISPA, specifically, Radia thinks it has a 50/50 chance of becoming a law. He said that it could pass the House but, beyond that, it could go either way.

Last week, the White House issued a statement to The Hill that indicated its opposition to the bill. Although she avoided calling out CISPA directly, National Security Council spokeswoman Caitlin Hayden said:

“The nation’s critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone. Also, while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation’s urgent needs.”

The White House putting its weight behind the anti-CISPA efforts will help, but it seems that the bill is already undergoing some changes to improve the legislation. A recent op-ed on Mashable reveals that the authors of the bill are currently in talks with Internet companies to reach a compromise that would satisfy all parties, including privacy-minded citizens. It’s this willingness to work with Internet companies to reach a compromise that may set CISPA apart from SOPA the most.

The House of Representatives is scheduled to vote on CISPA this week. On Digital Trends, Andrew Couts points out that, according to House Majority Leader Eric Cantor’s schedule, the House will begin debating CISPA on Thursday, April 26, and that a vote will happen no later than Friday afternoon.

Could CISPA help reduce cyber threats, or is it a threat itself? Please share your thoughts.

  • Spamexterminator

    Ok there are issues online no doubt but a new bill to invade everyone’s privacy is not and never will be the answer. What they haven’t realized is that they have become the Cyber Criminals and should be dealt with as such. So CISPA is “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.” Are you effin kidding me? Don’t let them fool you, they are already doing this and have done it since the age of public internet. They just want to legally be able to monitor every aspect of every single person’s life. They want to catch a Cyber Criminal before he breaks the law, and in an ideal world that would be nice but Government’s Intelligence is not ideal nor is it the voice of its people anymore. This “BILL” could and most likely will turn Law Abiding citizens into Cyber Criminals, after all they use a computer to flag key words that they will collect over time and once the computer sees enough of these words you are then classified as a Cyber Criminal. So basically your freedom is at the mercy of a computer. Terminator, anyone? Their new “BILLS” to “Make The Internet A Safer Place” no matter how well intentioned WILL be abused and by all entities. The Government is no longer by the people for the people and it is time for a change. How far away are we from becoming Nazi-Germany? HAIL PRESIDENT.

    • http://cass-hacks.com Craig

      Where does it say anything about the bill giving anyone the right to invade anyone’s privacy?

      For what it’s worth, Radia’s claim of ‘but for use in, say, run of the mill criminal prosecutions’ is sensationalistic, far-fetched and basically willfully ignorant of jurisprudence and how the law and legal system work.

      If a given criminal case involves malicious network activity, it would only be reasonable and admissible in court for cyber-security related information to be included as evidence as that is the evidence directly pertaining to the case.

      On the other hand, if one tried to guess the password to their friend’s email account, the judge would laugh whoever brought that fact up right out of court if the alleged crime were say, speeding.

      As for people thinking the government wants to monitor them, take it down a notch or two, the self-important paranoia people display is amusing at times but it does get old. :-(

      Last I checked, people suffering from paranoid delusions were treatable but it seems people aren’t taking their medicine. 😉

  • Steven Marshall

    I think this is horrible!!! This is invasion of our privacy through and through. This needs to be stopped from going into play!

  • Sanity

    “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.”

    1. It is the … “and for other purposes” which should be of concern.

    2. Why does there need to be legislation for the intelligence community to share information?

    • Spamexterminator

      Exactly! It’s a sleight of hand trick, they already share information through E-Mail, Fax, Phone, and, but not limited to, Police/Military Band Radio.

    • http://cass-hacks.com Craig

      You don’t want there to be limitations on what they can share?

      I’m not paranoid but I’m not thtupit either. 😉

      Fact, without any rules in place to put limits in place, they WILL share whatever they can to close cases.

      Without some kind of rules or guidelines in place somewhere or somehow, which there currently aren’t, they can basically do whatever they want with whatever they collect.

  • Geektrader

    Avaaz has a petition against CISPA, if everyone signs it, maybe we can stop it:


  • http://www.publistudioltda.com/ producción de video y diseño web en colombia

    Cispa, Sopa, both are idea for restrict our minds, internet is free, no private, I hope the good for the human being

  • http://cass-hacks.com Craig

    A lot needs to be worked out but look at it this way, the sharing of cyber-security related information, with privacy protection in place, is very similar to what the Center for Disease Control does, collects information from medical sources around the world and distills it into best-course-of-action guidelines including the development of vaccines.

    With a well implemented system, bot-nets could be stopped in their tracks, hacks that work across thousands of unprotected servers could be stopped after the first one is compromised.

    People who seem more than willing to double-click on anything and everything they get in an email would be free to do so without having to worry about their contributing to an unsafe cyber-world due to their ignorance.

    If so many people weren’t ignorant to the point of being a danger to themselves and others, there wouldn’t be botnets with millions and millions of compromised systems in even just one of them so to think that the ‘average’ netizen can take care of themselves is an argument that was decided long ago.

    I don’t know who or what is the greater threat, hackers or those who ignorantly give them a playground to hide in.

    Either way, if anyone thinks that the current paradigm of every network being an island when hackers are creating oceans to attack them with is going to work, maybe they should think again.

    Besides, you know agencies are going to share information anyway, as they already do. With legislation though, there is a chance that they can be guided to use the abilities they have for all our benefit with there being more transparency.

    I hate government intervention in just about everything but I fear the ignorance of the average user of the Internet and the tools they give hackers more.

  • http://cass-hacks.com Craig

    This is hilarious: (Taking each statement in turn)
    “The nation’s critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone.”

    Yes, so just as we do with insisting that energy solutions which might pan out 20 years down the road are the road to take and ignore the problem that we are in currently regarding energy, we’ll try the same thing with the security of our country, its businesses and people because we can only run for one more election anyway. Let’s just do nothing for now, m’Kay?

    “Also, while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens.”

    Maybe someone should bring Caitlin (find me a nerd who understands this) Hayden up to speed on the work over the past decade or so that various standards organizations have been doing in this area.

    I know it’s new stuff but maybe she can read the cliff-notes in time for her next proof of what little she and the administration know about technical matters.

    “Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation’s urgent needs.”

    This is the best one of all. Play the ‘privacy’ card when you don’t know what you are talking about because those who know even less will at least know of the term ‘privacy’, even though no two people are likely to agree on what that means.

    In the current administration, the blind are leading the blind and unfortunately they know their constituency only too well to know they can and likely will get away with it. :-(

  • http://www.onlinetv.us Randy Penn

    The problem is the idiotic fantasy that government should be involved in anything online. They have enough problems protecting their own sites and systems without being given some stupid authority to spy on its slaves. All the powers want is a doorway to force community sites to give them the access to your private data. Once that precedent is set they have it all.

    While computers are an incredible tool for communication and creativity they also provide a central source of information for commerce and suppressive societies to control their human resources and keep their control over information and thought.

    When you start to realize how little privacy there is on the Internet you may no longer want a legitimate identity and prefer to create a pseudo entity that cannot be tracked for advertising targeting or government targeting.

  • http://www.captaincyberzone.com Cap’n Cyberzone

    If you are ignorant and/or love Communism (making you a masochist) keep voting the same people into elected office that you have been until eventually those people take away your vote!

  • http://www.r-evolution-tv.com/ Henri H

    It simply is just another attempt from governments to be able to search records and label somebody as a (internet) threat and pull them in for “questioning”. Sure there are issues on the net but nobody is a bigger threat to FREEDOM than politics. (Note: I didn’t say politicians!) Please feel free to suggest topics to R-Evolution-tv.com

  • http://www.powerweeder.com mal C

    Basically what has happened is our elite “cloud9” money men have lost control of information released, via internet. They control all the other media but severely underestimated the potential of the internet. They have now realized it can expose corruption (ie them) so now they must have control, of which I believe they will get as it is not our vote. Sad for humanity.

  • http://www.goldcurrent.net Gold Current

    Enough of this police state BS from Washington already!

  • http://www.youtube.com/watch?v=G4jXkh6ctuQ James Cochrane

    I have already written to my representatives about how against this piece of power grabbing legislation I am. Essentially, this gives the government the right to shut down any site at will. Obama doesn’t like you saying something bad about him? He’ll shut you down (or at least the agencies that will be set up to handle this). This is an assault on our free speech plain and simple. Everyone reading this page should make anyone you know aware of it.

    It’s also amazing how the main stream media is keeping mum about this.

  • http://www.computerhowtoguide.com Tech Blog

    They just won’t give up, will they? It’s about time that we unite and boycott these bills for good! Internet should never be filtered as the politicians always wanted and consider it a bigger threat to themselves.

  • Casey Jones

    Any bill Congress creates is always too vague and is designed to let some special interest party do their illegal tasks legally. As Congress they will of course design any bill as to not allow whatever agency wants to use it as a “threat reduction” to threaten the members of Congress, the largest body of law breakers in the USA. If the groups want to share data to help each other and they see a mutual advantage they will. Why create a law which allows some petty government agency to get what they couldn’t so before so they can feel important and justify a bonus for protecting the nation?

  • http://www.laymanwebdesign.com Obdurate

    Looks like the internet community is finally starting to pay attention to the same things the Tea Party has been bitchin’ about for the past few years.

    The big concern here has to be the “and for other purposes.” They start with legislation that seems to be for our safety – to protect us from cyber threats – but in a few months they’ll amend this bill to add the rest of the SOPA details.

    SOPA was just to test the waters and see how much resistance there was. CISPA is a way to back off and let us think it’s for our safety with the intention of adding and amending later on so they can snoop deeper.

    As Benjamin Franklin is quoted as saying: “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

  • http://moinsbd.wordpress.com moinsbd

    Why? Why? Why? Why? Why? Why? Why?
    We are happy now and enjoying technology, teaching people, getting help, making knowledge, making knowledge database. But if CISPA passed, everything will be lost and ... MOINSBD

  • mr concerned

    I Love to see everyone’s responses to this.
    1: If you want to see the agencies involved (other than the citizens) back down from an act like this. Get involved and let’s make it OK for them to pass a law to share info, and regulate the regulators. Make provisions where the methods of collection and use must be published and reviewed by all parties involved including private sectors. As most of us agree that this (collecting and using) is already going on, it would make it OK for the powers that be to use some of this information they have to prosecute criminals, and it would let us (the good guys) make sure it is being done in a constitutional manner. I am 99% sure that it would not fly because it would likely expose what is already going on, but there is obviously a strong desire and a need at some level for some laws to exist, but let’s try to start with the first ones we try in a practical situation are not open ended laws that can be easily amended and have no system of checks and balances.
    And PS. to the comment about starting to vote for different people…. I think you should think more like the way the rest of the real world works…. find a way to get the people you think are legit into office. (Even if you can make it look like the voters chose the right person… that is all show… review American Govt 101, our votes don’t elect, we gave that power to the system at the very beginning.)

  • donny price

    Get rid of it!!! Write your representatives and congressman stop this invasion of privacy NOW!!!

  • Rwolf

    Government Asset Forfeiture To Escalate If U.S. Senate Passes CISPA Legislation

    CISPA, the Cyber Intelligence Sharing and Protection Act, if signed into law will allow the military and NSA warrant-less spying on Americans’ confidential electronic Communications; any transmitted private information circumventing the fourth amendment. CISPA will allow any self-protected cyber entity to share with the Feds any person’s private information that might allegedly relate to a cyber threat or crime. Considering the U.S. Government’s current business relationship with telephone and Internet companies, it should be expected the feds would use CISPA to gain unprecedented access to lawful Americans’ private electronic communications. Almost every week news media reports corrupt police arrested for selling drugs, taking bribes and perjury. It is foreseeable that broad provisions in CISPA that call for private businesses / cyber entities to share among themselves and with Spy Agencies confidential information will open the door for corrupt government and police to sell a corporation’s confidential information to its competitors, foreign government and others. CISPA provides insufficient safeguards to control disposition of (shared) confidential corporate / cyber entity information, including confidential information shared by spy agencies with private entities derived from spying on Americans.

    The recent House Passed Cyber Security Bill overrides the Fourth Amendment. Government may use against Americans in Criminal, Civil and Administrative courts (any information) derived from CISPA warrant-less Internet spying.
    CISPA will open the door for U.S. Government spy agencies such as NSA; the FBI; government asset forfeiture contractors, any private entity (to take out of context) any innocent—hastily written email, fax or phone call to allege a crime or violation was committed to cause a person’s arrest, assess fines and or civilly forfeit a business or property. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay.

    CISPA (warrant-less electronic surveillance) will enable the U.S. Justice Department to bypass the Fourth Amendment, use information extracted from CISPA electronic surveillance of Americans’ Web Server Records, Internet Activity, transmitted emails, faxes, and phone calls to issue subpoenas in hopes of finding evidence or to prosecute Citizens for any alleged crime or violation. If the current CISPA is signed into law it is problematic federal, state and local law enforcement agencies and private government contractors will want access to prior Bush II NSA and other government illegally obtained electronic records to secure evidence to arrest Americans; civilly forfeit their homes, businesses and other assets under Title 18USC and other laws. Of obvious concern, what happens to fair justice in America if police become dependent on “Asset Forfeiture” to help pay their salaries and budget operating costs?

    Note: the passed “Civil Asset Forfeiture Reform Act of 2000” (effectively eliminated) the “five year statute of limitations” for Government Civil Asset Forfeiture of property: the statute now runs five years (from the date) police allege they “learned” an asset became subject to forfeiture. If CISPA takes effect, allows (no warrant) electronic government surveillance of Americans, it is expected CISPA will be used by government not only to thwart cyber threats, but to aggressively prosecute Americans and businesses for any alleged crime: U.S. Government spy and police agencies; quasi government contractors for profit, will relentlessly sift through Citizen and businesses’ (government retained Internet data), emails and phone communications to discover possible crimes or civil violations.

    A corrupt U.S. Government Administration could too easily use CISPA no-warrant-seized emails, faxes, Internet data and phone call information to target, blackmail and extort its political opposition; target any Citizen, corporation and others in the manner Hitler used his Nazi passed legislation that permitted no-warrant Nazi police searches and seizure of Citizens and businesses or to extort support for the Nazi fascist government. Hitler Nazi Laws made it possible for the Nazis to strong-arm German parliament to pass Hitler’s 1933 Discriminatory Decrees that suspended the Constitutional Freedoms of German Citizens. History shows how that turned out.

    CISPA (warrant-less electronic surveillance) has the potential of turning America into a Fascist Police State.