The House of Representatives, which was supposed to vote on the Cyber Intelligence Sharing and Protection Act (CISPA) today, moved up what is being called the “Son of SOPA” vote to last night.
The bill passed - 248 to 168 and now goes to the Senate. The White House has threatened to veto the bill if it passes the Senate in its current form.
Just as SOPA (Stop Online Privacy Act) tried, in the name of copyright protection, to violate the privacy of internet users and lessen the openness of the Internet, CISPA, attempts to do something similar in the name of national and cyber-security.
According to Wired, CISPA “would encourage companies and the federal government to share information collected on the Internet to help preven telectronic attacks from cyber criminals, foreign governments and terrorists.”
Wired also notes that an ISP would not be required “to shield any personally identifying data of its customers when it believes it has detected threats, which include attack signatures, malicious code, phishing sites or botnets. In short, the measure seeks to undo privacy laws that generally forbid ISPs from disclosing customer communications with anybody else unless with a court order.”
Further, Wired points out “the bill immunizes ISPs from privacy lawsuits for voluntarily disclosing customer information thought to be a security threat ... Internet companies are also granted anti-trust protection to immunize them against allegations of colluding on cyber security issues. The measure is not solely limited to cyber security, and includes the catch all phrase 'national security' as a valid reason for turning over the data."
Techdirt also points out the bill’s serious flaws and the potential for its provisions to be abused:
Previously, CISPA allowed the government to use information for "cyber security" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cyber security crime, protection of individuals,and protection of children. Cyber security crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.
Basically this means CISPA can no longer be called a cyber security bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a "cyber security crime." It essentially says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government's power.
There are a few reasons why the outrage against CISPA has not been as intense as that against SOPA. First, CISPA would protect corporations that would work in conjunction with the government in collecting data, leaving the private citizen with few recourses for redress. Second, the amendments, written with vague language that can be loosely interpreted by the government to infringe upon the privacy of citizens when they collect things like medical records that do not have to be anonymized, that were added on when nobody was paying attention could not have been anticipated.
The fact that the House rushed to pass this in the dark of night only leads those who were already suspicious of CISPA to think their serious fears about the bill are not unfounded.