CISPA’s biggest problem: Trust

CISPA-trust

Earlier this week, I was invited to join in on a conference call with Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), co-authors and chief sponsors of the increasingly-contentious Cyber Intelligence Sharing and Protection Act, better known as CISPA. During the hour-long talk about the bill, we heard time and again why this legislation is necessary, and why it’s not as dangerous as all of us rascally bloggers and civil liberty advocates are making it sound.

CISPA is not SOPA, they told us. It is “very limited” in its powers and its language. The bill is just 13 pages, and easy to understand. It really isn’t about gathering information on individuals, or going after individuals who illegally download music or movies, anyway. It’s about stopping nation states “like Russia and China” from stealing our business trade secrets, or waging a “catastrophic” cyber attack on our vital “networks and systems.”

This is exactly what I expected to hear. The congressmen need to sell their bill, after all, and part of that is convincing a critical press that there is no need to worry. And you know, despite my array of complaints about the bill, the call left me feeling like Rogers and Ruppersberger genuinely believe that CISPA is a good and necessary piece of legislation, one that poses no real threat to our privacy or our civil liberties.

But guess what: That doesn’t matter. Good intentions are not the same as good law.

The fact remains that critical portions of this bill — the infinitely vague definitions of “cyber threat” and “national security,” the far-reaching exemptions to existing laws, the toothless protections for privacy — all require us to trust that the federal government and corporations will not violate our rights. Any why in the hell would we trust that? We wouldn’t, and we don’t — because the federal government and corporations are not trustworthy.

Played for a fool

Let’s take the broad definitions of “cyber threat” and “national security” as a prime example. CISPA mandates that any information handed over to the federal government may only be used to protect against “cyber threats,” or for “the protection of the national security of the United States.” Ok, fine. But as anyone familiar with the Patriot Act knows, “national security” can mean almost anything. That alone makes this so-called “limitation” effectively meaningless. For this reason alone, CISPA should be thrown in a Capitol Hill trash can, and burned.

On top of this, CISPA explicitly says that “cyber threat intelligence” — the data that can lawfully be shared with, and acted upon by, the federal government — includes not only information that “directly” pertains to “a vulnerability of, or threat to, a system or network of a government or private entity,” it also means any information that pertains to “efforts to degrade, disrupt, or destroy such system or network” or “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Now, during the call, both Rogers and Ruppersberger assured us that this last bit is not meant to go after people who download “MP3 files or movies,” and that CISPA in no way gives the government the power to block access to websites. But the information gathered under CISPA most certainly COULD be used for that purpose, even if that’s not the primary objective. This is especially disconcerting considering that the data shared in this program will be handed directly to the Department of Homeland Security —the same organization that already seizes websites.

Once again, they are simply asking us to trust that the powers granted under this bill will not be used to go after these types of crimes. But a good piece of legislation would simply remove trust from the equation altogether by building in explicit rules prohibiting the information from being used in this way.

Just as they want us to believe that CISPA won’t be used for reasons other than direct cyber threats or genuine national security issues, they also want us to trust that the bill doesn’t give the government the power to spy on citizens. They do this by making the sharing of information voluntary, and “encouraging” companies who share their data with the government to strip it of all personally identifiable data. But as Leigh Beadon at TechDirt points out, “complicity between companies and the government, even when legally questionable, is common and widespread.” In other words: CISPA doesn’t require that companies share what they know with the government, but it makes doing so easier, and less risky for all parties involved. If Rogers and Ruppersberger were genuinely concerned about protecting individual privacy, they would amend CISPA to require — not simply permit — companies to anonymize the data they provide.

Conclusion

These are just a few examples of why critics say CISPA is a bad piece of legislation, and why they (I) believe it could be abused. The only argument from the pro-CISPA camp on this front is, “Don’t worry. Trust us.” But we don’t, and we won’t, and we shouldn’t. Trust simply should not be a factor. There are far too many instances of the government and corporations abusing their power at the detriment to innocent individuals for anyone with even a drip of sense  to put their faith, privacy, and civil liberties in the hands of those who could so easily squeeze out whatever justification they please.

Image via Kuzma/Shutterstock

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Computing

Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

Amazon Prime brings more perks than just free two-day shipping. Subscribers get access to a huge library of TV shows to stream at no extra cost. Here are our favorite TV shows currently available on Amazon Prime.
Computing

Australian student hacks into Apple, steals 90GB of data because he’s a ‘fan’

A 16-year-old student in Australia broke into Apple’s network multiple times for an entire year to download 90GB of “secure” data and access customer accounts. He did this because he was a "fan."
Cars

Apple Car may make its debut in the middle of the next decade

Apple likely won't become a full-fledged manufacturer like General Motors or Ford, but the tech giant is diving into the auto industry pool. Here's everything we know about the company's automotive efforts.
Smart Home

4 reasons my love affair with Amazon is fizzling

I used to be an avid Amazon shopper. But some things have happened recently that’s made me question my loyalty to the retail giant. And to be honest, I’m not sure if I can trust them any longer.
Computing

Can we get an apology? Two big MacBook fails that Apple should fix at WWDC

WWDC is just around the corner, but if you're hoping for a new MacBook Pro, don't hold your breath. Even though it'll probably only be a CPU bump, there are two significant problems with the current MacBook Pro that have been ignored for…
Mobile

iOS 12 is more evidence you should buy an iPhone, not an Android phone

The next version of Apple’s mobile operating system, iOS 12, will be compatible with devices all the way back to 2013’s iPhone 5S. Android phones from the same era didn’t even see 2016’s software update. It’s further evidence you…
Smart Home

Is Apple showing up late to the smart home party, or just not coming?

Apple’s WWDC 2018 featured a lot of little announcements, but what was largely missing was news on the smart home front. Is Amazon planning on being late to the smart home party, or are they planning on attending at all?
Mobile

5 obviously stupid iPhone problems that iOS 12 doesn’t even try to fix

At WWDC 2018, Apple took the wraps off the latest version of its iOS operating system. iOS 12 introduces quite a bit of changes -- visually and under the hood -- but there are still some basics that it doesn’t address. Here are a few of…
Health & Fitness

Ugh. I’m done with fitness trackers, and so is the world

In 2016, everyone was tracking their fitness. In 2017, people grew tired of it. In 2018, I’m done with it. I’m going tracker-free in my workouts from now on.
Computing

MacOS Mojave brings evening elegance to your Mac experience

The MacOS Mojave public beta is out now, with an official release coming later this fall. Chock-full of quality-of-life upgrades, we took it for a test drive to get a sneak peek at what you can expect from the next major update to MacOS…
Gaming

Google might be planning a game console. That doesn’t mean it will happen

A new report suggests that Google is working on a game console, code-named Yeti. The reports about Google's game console are likely true, but that doesn't mean we will ever see it.
Home Theater

Why I still won’t wear wireless headphones

Wireless headphones promise liberation from cords, tangles, and snags, but there’s just one issue holding them back: battery life. And until manufacturers figure it out, sales numbers prove consumers aren’t yet biting.
Home Theater

We all cut cable, and now we’re just as screwed on streaming

As live TV streaming services like Sling TV and PlayStation Vue raise prices in tandem, it raises questions about whether these services were ever a viable alternative to cable in the first place.