When word broke last week that the Cyber Intelligence Sharing and Protection Act, the twice-defeated bill known as CISPA, was being re-revived by Rep. Dutch Ruppersberger (D-Md.), it wasn’t clear if the zombie legislation would be updated to address the myriad concerns with previous versions. We combed through the full text of the bill and, nope, it’s exactly the same, word for word for overly broad data-scooping power-granting word.
The reintroduced CISPA (HR 234) is identical to HR 624, the CISPA bill that passed the House in 2013 and stalled out in the Senate. Never mind that the Senate already refused to vote on an identical bill. Perhaps there is some unspoken Beetlejuice rule among Congressmen, and Ruppersberger is hoping to invoke a vote by saying the same damn thing three times.
Like the Patriot Act, which conferred massively broad powers in response to security threats, CISPA employs vague language to grant the government an enormous amount of wiggle room when it comes to justifying privacy violations.
To recap it for you, under CISPA, no warrants or subpoenas are required for collecting and sharing personal data, as long as the action falls under the so-broad-as-to-be-essentially-meaningless umbrella of “to protect the national security of the United States.” The data siphoned and disseminated by the government would be exempt from the Freedom of Information Act.
CISPA’s information-sharing goal is not inherently malicious or anti-privacy. Of course the government wants whatever powers are necessary to prevent, assess, and shut down cybersecurity threats. But the bill as it is written is an unambiguous threat to privacy.
The bill only grants powers to share data when a cyber threat is imminent. It defines a cyber threat as either “efforts to degrade, disrupt, or destroy such system or network” or “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.” This definition would make any instance of cybercrime an opportunity to collect and disseminate data. And if the NSA’s track record is any indication (which, come on, it is) this would make anyone even remotely connected to an instance of cybercrime vulnerable to government and corporate data-siphoning.
One troubling aspect comes from the lack of limitations on how corporations can use the data they receive. CISPA encourages companies to share data containing personal identifying information with government agencies, and with other companies if it relates to a threat.
Read more at: GIZMODO