Terms & Conditions: Congress has privacy policies in its sights with CISPA

Terms and Conditions CISPA

The purpose of Terms & Conditions is to parse through the terms of service and privacy polices of online sites or services. We at Digital Trends think this is important because these documents are legal contracts by which users and the company must abide. Privacy policies in particular tell us how our personal information will be collected and used by the company in question, providing us with protection in case the company violates its own rules. But thanks to a bill currently making its way through Congress, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA), the legal weight of all privacy polices may soon dwindle faster than a liposuction patient. So, for this week’s T&C, we’ll cut through the legal jargon of CISPA to see what the bill may mean for the future of online privacy rights.

CISPA, in short

CISPA is a cybersecurity bill that would allow for greater sharing of “cyber threat information” (CTI) between the federal government and businesses. Companies (like Facebook, Google, or Digital Trends) would be free to share CTI with the government, but would not be required to do so. The bill would also allow the federal government to more easily share classified information with businesses.

CISPA was originally introduced in 2012. The bill passed the House of Representatives the first time around, but failed to pass the Senate. Co-sponsors of the bill, Reps Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD), reintroduced the bill in February. CISPA passed the House on Thursday with a vote of 288 to 127.

The anti-CISPA position

Despite its seeming popularity in the House, CISPA remains enemy number one for civil liberty and Internet freedom advocates, who argue that the bill is too broadly written, allowing the government – especially secretive military sectors, like the National Security Agency (NSA) – to get their mitts on citizens’ personal information. 

“CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records of the contents of emails, to any agency in the government including the military and intelligence agencies like the National Security Administration or the Department of Cyber Command,” wrote a coalition of citizen rights groups in a letter (PDF) to Congress opposing CISPA last month. “Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cyber security.”

At the heart of the CISPA opposition is a provision that allows companies to share CTI with “any other entity, including the federal government” with complete impunity – “not withstanding any other provision of law” – which means that companies that share CTI may not be sued or convicted of criminal wrongdoing, no matter what any other law or their own privacy policies say. This is the reason CISPA is problematic.

The pro-CISPA position

Champions of CISPA say the bill is necessary to protect U.S. critical infrastructure networks – things like electrical and water supply systems – from being attacked through computer network. Furthmore, CISPA supporters firmly reject the idea that the bill would hurt individual privacy or Internet freedom. 

“The Cyber Intelligence Sharing and Protection Act allows us to take that first critical step of sharing information in a way that is effective but still protects our civil liberties,” wrote Rep. Rogers in a US News & World Report op-ed on Wednesday. “… Most importantly, under the bill, information sharing by the private sector is voluntary, with strong controls to ensure that personal information is protected. It allows only information directly pertaining to threats or vulnerabilities to be shared for the explicit purpose of protecting systems and networks from such threats, and it allows those in the private sector to minimize or anonymize the information shared based on their own determination of what is minimally necessary to address those threats.” 

In addition to its support in Congress, CISPA enjoys backing from major U.S. telecommunications providers, including AT&T and Verizon, as well as that of lobbying organizations that represent companies like Google and Amazon. 

What happens next with CISPA?

CISPA will now move to the Senate for debate. Like last year’s movement over CISPA, however, the bill faces an increasingly steep uphill battle. The most powerful CISPA opponent is President Barack Obama who issued a veto threat (PDF) on the basis that it “fails to provide authorities to ensure that the nation’s core critical infrastructure is protected while repealing important provisions” of privacy law. 

In addition, Internet freedom group Fight for the Future has launched a campaign to get Rep. Rogers, who recently characterized CISPA opponents as a “14-year-old tweeter in the basement,” to debate an actual 14-year-old over the merits of the legislation.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Get our Top Stories delivered to your inbox: