CISPA’s biggest problem: Trust

CISPA-trust

Earlier this week, I was invited to join in on a conference call with Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), co-authors and chief sponsors of the increasingly-contentious Cyber Intelligence Sharing and Protection Act, better known as CISPA. During the hour-long talk about the bill, we heard time and again why this legislation is necessary, and why it’s not as dangerous as all of us rascally bloggers and civil liberty advocates are making it sound.

CISPA is not SOPA, they told us. It is “very limited” in its powers and its language. The bill is just 13 pages, and easy to understand. It really isn’t about gathering information on individuals, or going after individuals who illegally download music or movies, anyway. It’s about stopping nation states “like Russia and China” from stealing our business trade secrets, or waging a “catastrophic” cyber attack on our vital “networks and systems.”

This is exactly what I expected to hear. The congressmen need to sell their bill, after all, and part of that is convincing a critical press that there is no need to worry. And you know, despite my array of complaints about the bill, the call left me feeling like Rogers and Ruppersberger genuinely believe that CISPA is a good and necessary piece of legislation, one that poses no real threat to our privacy or our civil liberties.

But guess what: That doesn’t matter. Good intentions are not the same as good law.

The fact remains that critical portions of this bill — the infinitely vague definitions of “cyber threat” and “national security,” the far-reaching exemptions to existing laws, the toothless protections for privacy — all require us to trust that the federal government and corporations will not violate our rights. Any why in the hell would we trust that? We wouldn’t, and we don’t — because the federal government and corporations are not trustworthy.

Played for a fool

Let’s take the broad definitions of “cyber threat” and “national security” as a prime example. CISPA mandates that any information handed over to the federal government may only be used to protect against “cyber threats,” or for “the protection of the national security of the United States.” Ok, fine. But as anyone familiar with the Patriot Act knows, “national security” can mean almost anything. That alone makes this so-called “limitation” effectively meaningless. For this reason alone, CISPA should be thrown in a Capitol Hill trash can, and burned.

On top of this, CISPA explicitly says that “cyber threat intelligence” — the data that can lawfully be shared with, and acted upon by, the federal government — includes not only information that “directly” pertains to “a vulnerability of, or threat to, a system or network of a government or private entity,” it also means any information that pertains to “efforts to degrade, disrupt, or destroy such system or network” or “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Now, during the call, both Rogers and Ruppersberger assured us that this last bit is not meant to go after people who download “MP3 files or movies,” and that CISPA in no way gives the government the power to block access to websites. But the information gathered under CISPA most certainly COULD be used for that purpose, even if that’s not the primary objective. This is especially disconcerting considering that the data shared in this program will be handed directly to the Department of Homeland Security —the same organization that already seizes websites.

Once again, they are simply asking us to trust that the powers granted under this bill will not be used to go after these types of crimes. But a good piece of legislation would simply remove trust from the equation altogether by building in explicit rules prohibiting the information from being used in this way.

Just as they want us to believe that CISPA won’t be used for reasons other than direct cyber threats or genuine national security issues, they also want us to trust that the bill doesn’t give the government the power to spy on citizens. They do this by making the sharing of information voluntary, and “encouraging” companies who share their data with the government to strip it of all personally identifiable data. But as Leigh Beadon at TechDirt points out, “complicity between companies and the government, even when legally questionable, is common and widespread.” In other words: CISPA doesn’t require that companies share what they know with the government, but it makes doing so easier, and less risky for all parties involved. If Rogers and Ruppersberger were genuinely concerned about protecting individual privacy, they would amend CISPA to require — not simply permit — companies to anonymize the data they provide.

Conclusion

These are just a few examples of why critics say CISPA is a bad piece of legislation, and why they (I) believe it could be abused. The only argument from the pro-CISPA camp on this front is, “Don’t worry. Trust us.” But we don’t, and we won’t, and we shouldn’t. Trust simply should not be a factor. There are far too many instances of the government and corporations abusing their power at the detriment to innocent individuals for anyone with even a drip of sense  to put their faith, privacy, and civil liberties in the hands of those who could so easily squeeze out whatever justification they please.

Image via Kuzma/Shutterstock

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Emerging Tech

Death from above? How we’re preparing for a future filled with weaponized drones

Drones are beginning to enable everything from search & rescue, to the delivery of medicines to hard-to-reach places. But they are also being used as cheap, and deadly flying bombs. How can we defend ourselves?
Computing

Apple CEO demands Bloomberg retract its Chinese surveillance story

Apple CEO Tim Cook is calling on Bloomberg to retract a story alleging that Apple had purchased compromised servers that allowed the Chinese government to spy on Apple. Apple's investigation found no truth to the story.
Social Media

Some major Facebook investors want to oust Zuckerberg after scandals

After multiple scandals, Facebook investors are proposing founder and CEO Mark Zuckerberg leave his position as chairman. The group says that making the position independent would remove Zuckerberg's "unchecked corporate power."
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Mobile

No, blue light from your cell phone won’t make you blind

A new study from the University of Toledo reveals the process by which blue light impacts the photoreceptors in our eyes and leads to macular degeneration, an incurable eye disease that causes blindness later in life. The fact that blue…
Computing

Nvidia’s new GPUs look amazing, but that doesn’t mean you should buy one

Nvidia's GeForce 2080 is a powerful graphics card that supports ray tracing to deliver real-time cinematic renderings of shadows, light, and reflection in games, but unless you were already planning on upgrading, you'll probably want to…
Movies & TV

Bored with Netflix? As it goes global, the selection is about to explode

Netflix is going global. And even if you never leave step foot outside America, you should be excited. More subscribers abroad means more original, diverse content, and plenty to watch when House of Cards gets stale.
Wearables

New Wear OS smartwatches have arrived! Here’s why you shouldn’t buy them

The likes of Skagen and Diesel have unveiled new Wear OS smartwatches at IFA 2018. You shouldn't buy them, because they're utilizing an old processor. Qualcomm is expected to announce a new wearable processor next month.
Home Theater

8K is the next big thing in TVs. Get over it

8K is the next big thing in TV. At least, that’s how LG, Samsung, Sony, and Sharp would have it. At IFA 2018, Samsung announced it would begin shipping its gorgeous Q900R series series 8K TVs this year. LG arrived with a glorious 88-inch…
Features

Opinion: Apple needs to modernize its antiquated annual app update routine

While Google updates its core Android apps frequently through the Play Store, Apple saves up core app updates for its annual iOS unveiling. Perhaps it’s time that Apple took a new approach.
Photography

Canon and Nikon’s new mirrorless cameras impress. Should Sony start worrying?

Canon’s EOS R and Nikon’s Z mirrorless systems are coming out of the gate strong, incorporating features that took Sony years to implement and refine. But Sony still has a lead, and may have it for some time.
Mobile

XS Max? XR? Apple’s new iPhone names are a confusing mess

Apple's new iPhone range has the most baffling set of names we've seen in a while, and it's not good news. The phones may be great, but the confusing names shift away from the one brand name everyone knows.
Apple

OPINION: Apple’s new iPhones show off its best tech, and also its greed

We’re just as enamored by the new iPhones as the next person, but with fast charging an extra cost and the removal of the headphone dongle it feels like Apple is gouging us on accessories.
Smart Home

The Google Home Hub doesn’t have a camera. Here’s why that’s a good thing

Bucking the smart display trend, Google's new $149 Home Hub smart display surprisingly doesn't have a camera. We think a camera-less Google smart speaker with a screen is a good thing, and here's why.