Remember SOPA and PIPA? They're nothing compared to this.
In the name of "cyber security," and under the auspices of helping the federal government defend itself from external threats (threats outside of the United States), a new bill has been introduced to the House of Representatives called the Cyber Intelligence Sharing and Protection Act, or CISPA.
When it comes to passing a law, doing something in the name of security is always a safer bet than doing something in the name of Intellectual Property Law. Security is a visceral word that implies it has real, direct application on your safety. However, like so many other laws of late, CISPA overreaches. It grabs too many powers in the name of security, and offers too few protections to the people most likely to be affected by it -- United States Citizens.
The House of Representatives is voting on it Friday.
"But what is it," you ask? It's a fair question. Activists trying to defeat it compare it to SOPA and PIPA, but call it worse. I think this is an imperfect explanation. A post on Reddit summarizes this new bill perfectly:
SOPA was meant to stop piracy. CISPA is going to kill all privacy on the net.
CISPA is a bill that makes it easier for the United States Government to spy on American citizens. It allows private companies to share information with the government. Any information. It makes this information sharing "voluntary," but then adds full legal protections for any company that does as long as it does so in "good faith."
It doesn't, as far as I know, define what "good faith" is in any meaningful way.
It states that this data "should" be made "as anonymous as possible" but it doesn't set any kind of benchmark for anonymity, nor does it apply any penalties towards companies that decline to do so. In order to facilitate this information sharing, it would allow Internet Service Providers to monitor the private communications of its customers (read your emails, monitor your chat sessions).
It will make this information available not to the civilian law enforcement agencies in the Federal Government, but to the Department of Defense and the NSA. The DoD can ask private companies to look up specific information about a citizen, and while the private company isn't required to do so, it will be fully protected under the law if it does.
Any question. There is no vetting, the bill provides for no oversight, the bill mentions no penalties for any party, government or otherwise, that misuses this information.
The sad thing is, bills like this are often passed with good intentions and noble purposes. And a bill like this could, in some cases, serve a greater public good if we assume that every party involved acts ethically at all times. The problem is that in order for the bill to serve its purpose it assumes a standard of behavior higher than it is possible for any human being to meet. Not just one human being, but every human being that would be involved in this information exchange.
At some point down the line, when people are "used" to this kind of power, they will abuse it. It's a matter of "will they" or "won't they," it's a matter of "how long will it take?"
How long before the government asks an ISP how many of its members are Democrats? Or Republicans? Or gun owners? Or gay?
How long before the government starts redefining "dangerous and criminal" behavior to include activities that would previously have been considered nothing more than excercising your right to free speech?
How long before hackers and identity thieves start targeting the pools of information ISPs are collecting on your activities in preparation for possible government queries?
How long before other private companies petition to have this information used for other purposes? The idea that "the information is already there, we can use it to fight other kinds of crime" has a certain practical appeal. What kind of crimes will they target?
The people who are trying to pass this law are gambling that eventually the people who want to prevent this level of monitoring are going to get tired of the same old fight. They're gambling that the huge outcry over SOPA and PIPA was a one-time occurrence, and that all the people who rallied together then will say "well, that took care of that" and not bother getting involved this time around. And the sad fact is, it's not a bad gamble. I didn't want to pay attention to all the emails that were sent out by the ACLU, by the EFF, and a number of other concerned groups. I didn't want to have to talk to another Congressional aide. It's not fun and exciting, it's something that takes time out of my day, raises my blood pressure, and distracts me from tasks I would rather be doing.
But it must be done. If you believe that the government should not have carte blanche access to all your online data, and if you believe that private companies should be held responsible for the way they use your data, then you need to overcome the natural reluctance to speak out... and speak out. And, after having done that to hold each elected member of the government responsible for however they vote.
There must be consequences for irresponsible behavior.
If you agree with me, and you are an American Citizen, please use this ACLU contact form to ask your Congressional Representative to oppose CISPA.
And then get ready to do it again, because there will be a next time.
For more information on CISPA, have a look at the Electronic Frontier Foundation's action page.