Posted by Tushar Chandra on Sunday, April 22, 2012
The Indiana High School Democrats executive committee released the following statement regarding CISPA:On behalf of our generation, Indiana High School Democrats would like to vehemently oppose CISPA as a bill that changes the web for the worse. To allow companies and corporations to distribute personal information that we entrust to them, and them alone, for the smallest of actions, is a violation of our privacy.
The committee's reasoning is described below.
On January 18, 2012, the Internet was filled with protests about the Stop Online Piracy Act, commonly known as SOPA, and the Protect IP Act, known as PIPA. Thousands of websites "went dark"--censored all or some of their information--in a protest to show what the internet would be like if SOPA and PIPA passed. Websites like the encyclopedia giant Wikipedia, news-sharing source Reddit, browser-creator Mozilla, and the ubiquitous Google joined the protest. People everywhere were in outrage over this, and following the protest, the bill was stopped.
Now, however, a new bill has surfaced - the Cyber Intelligence Sharing and Protection Act - CISPA. This bill allows governments to access information stored on company computers more easily in the event of a cyber threat. While this sounds acceptable--if national security is threatened, of course the government will do whatever it can to stop the threat--the problem with this bill is its overreaching scope in its definitions of various terms, such as cyber threats.
Cyber threats are defined as: "(A) efforts to degrade, disrupt, or destroy such [government] system or network; or (B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information." (A) sounds reasonable; it gives the government more power in the event of a national threat. However, part (B) is what opens up the floodgates. It allows companies to share personal information without permission to alleviate whatever they see as a threat. The bill defines threats so that accidentally downloading a file illegally, unknowingly sharing a copyrighted image, using a proxy, or encrypting emails can all be considered threats.
CISPA overrides all other laws relating to cybersecurity. Existing laws such as the Wiretap Act and Electronic Communications Act (which prevent companies from distributing your personal information and monitoring private communications without reason) are all overridden.
And if a company decides to give out your information, there is little you can do. The bill requires you to show that the company gave information to the government "intentionally to achieve a wrongful purpose," "without legal or factual justification," AND "in disregard of a known or obvious risk that is so great as to make it highly probably that the harm of the act or omission will outweigh the benefit." These provisions make it essentially impossible for anyone to sue a company for distributing personal information.
To make it worse, supporters of the bill include AT&T, Verizon, Facebook, Microsoft, and Google. The chances of another blackout happening are close to zero, and even if one did happen, it would not have nearly as large of an effect as the first.
The implications of this bill are gigantic; passing it could be a step in the wrong direction for the Internet. The bill gives governments extreme power over the Internet. Regulations on cyber threats would be acceptable if they were reasonable and specific, but this bill is broad and gives the government an unprecedented amount of control. CISPA is scheduled to be debated and voted on in the House this week, and we need to let lawmakers know that this is not okay.