CISPA’s biggest problem: Trust

CISPA-trust

Earlier this week, I was invited to join in on a conference call with Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), co-authors and chief sponsors of the increasingly-contentious Cyber Intelligence Sharing and Protection Act, better known as CISPA. During the hour-long talk about the bill, we heard time and again why this legislation is necessary, and why it’s not as dangerous as all of us rascally bloggers and civil liberty advocates are making it sound.

CISPA is not SOPA, they told us. It is “very limited” in its powers and its language. The bill is just 13 pages, and easy to understand. It really isn’t about gathering information on individuals, or going after individuals who illegally download music or movies, anyway. It’s about stopping nation states “like Russia and China” from stealing our business trade secrets, or waging a “catastrophic” cyber attack on our vital “networks and systems.”

This is exactly what I expected to hear. The congressmen need to sell their bill, after all, and part of that is convincing a critical press that there is no need to worry. And you know, despite my array of complaints about the bill, the call left me feeling like Rogers and Ruppersberger genuinely believe that CISPA is a good and necessary piece of legislation, one that poses no real threat to our privacy or our civil liberties.

But guess what: That doesn’t matter. Good intentions are not the same as good law.

The fact remains that critical portions of this bill — the infinitely vague definitions of “cyber threat” and “national security,” the far-reaching exemptions to existing laws, the toothless protections for privacy — all require us to trust that the federal government and corporations will not violate our rights. Any why in the hell would we trust that? We wouldn’t, and we don’t — because the federal government and corporations are not trustworthy.

Played for a fool

Let’s take the broad definitions of “cyber threat” and “national security” as a prime example. CISPA mandates that any information handed over to the federal government may only be used to protect against “cyber threats,” or for “the protection of the national security of the United States.” Ok, fine. But as anyone familiar with the Patriot Act knows, “national security” can mean almost anything. That alone makes this so-called “limitation” effectively meaningless. For this reason alone, CISPA should be thrown in a Capitol Hill trash can, and burned.

On top of this, CISPA explicitly says that “cyber threat intelligence” — the data that can lawfully be shared with, and acted upon by, the federal government — includes not only information that “directly” pertains to “a vulnerability of, or threat to, a system or network of a government or private entity,” it also means any information that pertains to “efforts to degrade, disrupt, or destroy such system or network” or “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Now, during the call, both Rogers and Ruppersberger assured us that this last bit is not meant to go after people who download “MP3 files or movies,” and that CISPA in no way gives the government the power to block access to websites. But the information gathered under CISPA most certainly COULD be used for that purpose, even if that’s not the primary objective. This is especially disconcerting considering that the data shared in this program will be handed directly to the Department of Homeland Security —the same organization that already seizes websites.

Once again, they are simply asking us to trust that the powers granted under this bill will not be used to go after these types of crimes. But a good piece of legislation would simply remove trust from the equation altogether by building in explicit rules prohibiting the information from being used in this way.

Just as they want us to believe that CISPA won’t be used for reasons other than direct cyber threats or genuine national security issues, they also want us to trust that the bill doesn’t give the government the power to spy on citizens. They do this by making the sharing of information voluntary, and “encouraging” companies who share their data with the government to strip it of all personally identifiable data. But as Leigh Beadon at TechDirt points out, “complicity between companies and the government, even when legally questionable, is common and widespread.” In other words: CISPA doesn’t require that companies share what they know with the government, but it makes doing so easier, and less risky for all parties involved. If Rogers and Ruppersberger were genuinely concerned about protecting individual privacy, they would amend CISPA to require — not simply permit — companies to anonymize the data they provide.

Conclusion

These are just a few examples of why critics say CISPA is a bad piece of legislation, and why they (I) believe it could be abused. The only argument from the pro-CISPA camp on this front is, “Don’t worry. Trust us.” But we don’t, and we won’t, and we shouldn’t. Trust simply should not be a factor. There are far too many instances of the government and corporations abusing their power at the detriment to innocent individuals for anyone with even a drip of sense  to put their faith, privacy, and civil liberties in the hands of those who could so easily squeeze out whatever justification they please.

Image via Kuzma/Shutterstock

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Home Theater

I’ve seen the 8K TV future, and you should be excited. Here’s why

Samsung set the tech world on fire when it announced it would sell an 85-inch 8K TV in the U.S. along with several 8K screen sizes in Europe. Debates over the validity and value of such a high resolution have continued since, and we're here…
Movies & TV

The best shows on Netflix, from 'The Haunting of Hill House’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Web

Data stolen from HealthCare.gov includes partial SSNs and immigration status

Around 75,000 users have had their user data stolen from government site healthcare.gov, including information on their immigration status, whether they were pregnant, and partial social security numbers.
Mobile

Inferiority is a feature now! Palm's new plan is psychotic

The Palm is a smartphone to reduce your smartphone usage, or a small smartphone for when you don't want to carry your big smartphone. Palm itself doesn't seem sure which it is, but either way, it's a product that's so witless, we're amazed…
Home Theater

Budget TVs are finally worth buying, and you can thank Roku

Not all that long ago, budget TVs were only worth looking at if, well, you were on a budget. Thanks to Roku, not only are budget TVs now a viable option for anyone, but they might even be a better buy than more expensive TVs.
Mobile

Huawei and Leica’s monochrome lens is dead, so we celebrate its life

The Huawei Mate 20 and Mate 20 Pro do not have a dedicated monochrome camera lens, unlike the P20 Pro, and various Huawei and Leica phones before it. It's the end of an era, and also the start of a new one, as Leica has worked on its…
Mobile

Smartphone makers are vomiting a torrent of new phones, and we’re sick of it

Smartphone manufacturers like Huawei, LG, Sony, and Motorola are releasing far too many similar phones. The update cycle has accelerated, but more choice is not always a good thing.
Opinion

Do we even need 5G at all?

Faster phones, easier access to on-demand video, simpler networking -- on the surface, 5G sounds like a dream. So why is it more of a nightmare?
Computing

Razer’s most basic Blade 15 is the one most gamers should buy

Razer's Blade 15 is an awesome laptop for both gamers, streamers, professionals, and anyone else needing serious go in a slim profile, but its price is out of reach for many games. The new Blade 15 Base solves that problem with few…
Gaming

Going to hell, again. The Switch makes 'Diablo 3' feel brand-new

I've played every version of Diablo 3 released since 2012, racking up hundreds of hours in the process. Six years later, I'm playing it yet again on Nintendo Switch. Somehow, it still feels fresh.
Home Theater

The Apple AirPods 2 needed to come out today. Here are four reasons why

Apple announced numerous new products at its October 30 event, a lineup that included a new iPad Pro, a MacBook Air, as well as a new Mac Mini. Here are four reasons we wish a new set of AirPods were on that list.
Gaming

‘Fallout 76’ may have online multiplayer but it’s still a desolate wasteland

"Is Fallout 76 an MMO?" That depends on who you ask. Critics and players often cite its online multiplayer capabilities as a reason it qualifies. Yet calling the game an MMO only confuses matters, and takes away from what could make…