CISPA… SOPA, PIPA… I’m hard pressed to decide whether the US Congress has a special fondness for zombie movies where the dead just won’t stay that way, or it’s more akin to the Lannisters and all their crazy lust for, um, yeah, lust for a lot of things they shouldn’t be lusting after, that much we know.
But unlike an HBO series or a B-movie, these guys just don’t stop. Last year the internet (ok 7000+ sites with enough traffic to be noticeable) went dark for a day to protest the previous two bills, SOPA and PIPA, as being unfair to users and a government overstepping it’s bounds.
But now we have CISPA. It comes creeping in during the dead of night, taking cover in the political turmoil and heartbreaking turn of current events, hiding like a thief in the dark; as soon as you’re sound asleep, it will rob you blind and hopefully forget to set your house on fire as it steals out the door into the night.
What is CISPA, you’re quite possibly asking yourself, understandable since it doesn’t have the same cult popularity outside of Reddit and Anonymous type webbies that the last round of acronyms did. It’s the Cyber Intelligence Sharing and Protection Act, and the publicly stated purpose is to create a flow of information between the government and private companies that might be subject to cyber attacks or have knowledge of cyber attacks.
What’s the problem with that, you’re definitely asking yourself now, how can this be a bad thing? The bad thing – the very, very bad thing – is that the bill strips away the right to privacy that internet users, regular consumers, email and blog writers (pretty much everyone who uses the internet and doesn’t work for the government while doing so) currently have by virtue of the privacy policies which hosting companies, social media companies, transaction processors, etc are bound to honor. You know, those pesky links to privacy policies or Term and Conditions that state that your personal data won’t be sold or distributed or aggregated in a way that identifies YOU as the person who just bought that copy of the Koran, or sent an email to some friends traveling in China, or wrote that comment about how sequestration sucks on the ABC news web site.
How can this be, you wonder? Isn’t the FTC cracking down on privacy and data and all that good stuff for dotcoms and apps and mobile web? One would think so, but it’s really not the case. Congress is setting itself up to be the recipient of all manner of data that won’t be private, since the bill will override the privacy policies that are put into place to protect the average web surfer, and companies like Facebook and Google, LinkedIn and Twitter, will be allowed, encouraged is more like it, to hand over your information without anonymizing it; the current amendment to the bill the House passed only says that if the government gives information to a private company, they have to sanitize it before sending it. The opposite is true when the information travels from a private company to the government.
And it’s not just things you post on Facebook with a public setting, or your Tweets about how great the food is in Islamabad. It’s things like your files stored in the cloud, your emails, your texts, pretty much anything that you’ve transmitted through the space and time continuum known as the interwebs.
Obviously big companies like AT&T, HP, even Google and Facebook, have a vested interest in using government resources to warn them of potential cyber attacks, since that saves them dollars on the bottom line. And the wording of the bill takes away their liability for ratting you out, whether you are guilty of anything or not.
At the moment the House is tacking a few more amendments on to the bill, in hopes of coming up with some kind of crafting that will interest the Senate enough for them to take it to a vote. Right now the Senate doesn’t seem all that interested and Obama is threatening to veto it if it does pass in its current iteration.
I’m all for the free flow of information, but I’m also a huge privacy advocate. And telling someone their information is private, then declaring that its not, after the fact, is simply unacceptable in my way of looking at things. The lukewarm response to a web shutdown last week (~400 sites) indicates that the big companies aren’t on board when it doesn’t threaten their bottom line, as SOPA and PIPA did; any real organized movement will have to be very grassroots to overcome the massive amount of money that CISPA supporters have spent lobbying in DC for its passage.