CISPA’s biggest problem: Trust

CISPA-trust

Earlier this week, I was invited to join in on a conference call with Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), co-authors and chief sponsors of the increasingly-contentious Cyber Intelligence Sharing and Protection Act, better known as CISPA. During the hour-long talk about the bill, we heard time and again why this legislation is necessary, and why it’s not as dangerous as all of us rascally bloggers and civil liberty advocates are making it sound.

CISPA is not SOPA, they told us. It is “very limited” in its powers and its language. The bill is just 13 pages, and easy to understand. It really isn’t about gathering information on individuals, or going after individuals who illegally download music or movies, anyway. It’s about stopping nation states “like Russia and China” from stealing our business trade secrets, or waging a “catastrophic” cyber attack on our vital “networks and systems.”

This is exactly what I expected to hear. The congressmen need to sell their bill, after all, and part of that is convincing a critical press that there is no need to worry. And you know, despite my array of complaints about the bill, the call left me feeling like Rogers and Ruppersberger genuinely believe that CISPA is a good and necessary piece of legislation, one that poses no real threat to our privacy or our civil liberties.

But guess what: That doesn’t matter. Good intentions are not the same as good law.

The fact remains that critical portions of this bill — the infinitely vague definitions of “cyber threat” and “national security,” the far-reaching exemptions to existing laws, the toothless protections for privacy — all require us to trust that the federal government and corporations will not violate our rights. Any why in the hell would we trust that? We wouldn’t, and we don’t — because the federal government and corporations are not trustworthy.

Played for a fool

Let’s take the broad definitions of “cyber threat” and “national security” as a prime example. CISPA mandates that any information handed over to the federal government may only be used to protect against “cyber threats,” or for “the protection of the national security of the United States.” Ok, fine. But as anyone familiar with the Patriot Act knows, “national security” can mean almost anything. That alone makes this so-called “limitation” effectively meaningless. For this reason alone, CISPA should be thrown in a Capitol Hill trash can, and burned.

On top of this, CISPA explicitly says that “cyber threat intelligence” — the data that can lawfully be shared with, and acted upon by, the federal government — includes not only information that “directly” pertains to “a vulnerability of, or threat to, a system or network of a government or private entity,” it also means any information that pertains to “efforts to degrade, disrupt, or destroy such system or network” or “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Now, during the call, both Rogers and Ruppersberger assured us that this last bit is not meant to go after people who download “MP3 files or movies,” and that CISPA in no way gives the government the power to block access to websites. But the information gathered under CISPA most certainly COULD be used for that purpose, even if that’s not the primary objective. This is especially disconcerting considering that the data shared in this program will be handed directly to the Department of Homeland Security —the same organization that already seizes websites.

Once again, they are simply asking us to trust that the powers granted under this bill will not be used to go after these types of crimes. But a good piece of legislation would simply remove trust from the equation altogether by building in explicit rules prohibiting the information from being used in this way.

Just as they want us to believe that CISPA won’t be used for reasons other than direct cyber threats or genuine national security issues, they also want us to trust that the bill doesn’t give the government the power to spy on citizens. They do this by making the sharing of information voluntary, and “encouraging” companies who share their data with the government to strip it of all personally identifiable data. But as Leigh Beadon at TechDirt points out, “complicity between companies and the government, even when legally questionable, is common and widespread.” In other words: CISPA doesn’t require that companies share what they know with the government, but it makes doing so easier, and less risky for all parties involved. If Rogers and Ruppersberger were genuinely concerned about protecting individual privacy, they would amend CISPA to require — not simply permit — companies to anonymize the data they provide.

Conclusion

These are just a few examples of why critics say CISPA is a bad piece of legislation, and why they (I) believe it could be abused. The only argument from the pro-CISPA camp on this front is, “Don’t worry. Trust us.” But we don’t, and we won’t, and we shouldn’t. Trust simply should not be a factor. There are far too many instances of the government and corporations abusing their power at the detriment to innocent individuals for anyone with even a drip of sense  to put their faith, privacy, and civil liberties in the hands of those who could so easily squeeze out whatever justification they please.

Image via Kuzma/Shutterstock

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Computing

Razer’s most basic Blade 15 is the one most gamers should buy

Razer's Blade 15 is an awesome laptop for both gamers, streamers, professionals, and anyone else needing serious go in a slim profile, but its price is out of reach for many games. The new Blade 15 Base solves that problem with few…
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Mobile

How to switch from iPhone to Android: The ultimate guide

If you've decided to bridge the great tech divide and leave Apple's walled garden for the unknown shores of Android, then you'll find all the tips and advice you need to begin switching from an iPhone to an Android device.
Mobile

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Mobile

Smartphone makers are vomiting a torrent of new phones, and we’re sick of it

Smartphone manufacturers like Huawei, LG, Sony, and Motorola are releasing far too many similar phones. The update cycle has accelerated, but more choice is not always a good thing.
Opinion

Do we even need 5G at all?

Faster phones, easier access to on-demand video, simpler networking -- on the surface, 5G sounds like a dream. So why is it more of a nightmare?
Home Theater

The Apple AirPods 2 needed to come out today. Here are four reasons why

Apple announced numerous new products at its October 30 event, a lineup that included a new iPad Pro, a MacBook Air, as well as a new Mac Mini. Here are four reasons we wish a new set of AirPods were on that list.
Gaming

Going to hell, again. The Switch makes 'Diablo 3' feel brand-new

I've played every version of Diablo 3 released since 2012, racking up hundreds of hours in the process. Six years later, I'm playing it yet again on Nintendo Switch. Somehow, it still feels fresh.
Gaming

‘Fallout 76’ may have online multiplayer but it’s still a desolate wasteland

"Is Fallout 76 an MMO?" That depends on who you ask. Critics and players often cite its online multiplayer capabilities as a reason it qualifies. Yet calling the game an MMO only confuses matters, and takes away from what could make…
Digital Trends Live

Microsoft has #*!@ed up to-do lists on an epic scale

Microsoft has mucked up to-do lists on a scale you simply can’t imagine, a failure that spans multiple products and teams, like a lil’ bit of salmonella that contaminates the entire output from a factory.
Opinion

As Amazon turns up the volume on streaming, Spotify should shudder

Multiple players are all looking to capitalize on the popularity of streaming, but it has thus far proved nearly impossible to make a profit. Could major tech companies like Amazon be primed for a streaming take-over?
Gaming

Throw out the sandbox. ‘Red Dead Redemption 2’ is a fully realized western world

Despite featuring around 100 story missions, the real destination in Red Dead Redemption 2 is the journey you make for yourself in the Rockstar's open world, and the game is better for it.
Gaming

‘Diablo Immortal’ is just the beginning. Mobile games are the future

Diablo fans were furious about Diablo Immortal, but in truth, mobile games are the future. From Apple and Samsung to Bethesda and Blizzard, we’re seeing a new incentive for games that fit on your phone.
Movies & TV

He created comics, movies, and superheroes. But Stan Lee lived for joy

Stan Lee was a creator, a celebrity, an icon, and beneath it all, a real-life good guy with all the same human qualities that made his superheroes so relatable. And his greatest joy was sharing his creations with the world.