April 19, 2013
By: Kelly Diamond, Editor
While proponents go so far as to argue that CISPA is a constitutional duty reflective of their oath of office, upon further examination, our right to privacy plays fifth fiddle to legislators’ desire to protect corporate and government information over that of private citizens.
CISPA is an example of the ineffectualness of laws: all lawmakers need to do is make another law that overrides any existing laws.
In a recent installation, I discussed the IRS and FBI’s eagerness to access our virtual communications. I also addressed in a different installation the warrantless searches (and seizures) conducted by the very pointless DHS. And while it’s nice to see organizations like the ACLU get their ire up, or see a little indignation from a few representatives, at the end of the day, the House passed CISPA (Cyber Intelligence Sharing and Protection Act) with an overwhelming majority (288 – 127).
The pretenses range from protecting citizens against terrorists to protecting the intellectual property of corporations to protecting the children. I’m all for safety, but if I took a backward glance at our history, I see individuals paying in treasure, blood and liberty for safety we never got from an enemy that was always right in our nation’s capital.
Rep. Dutch Ruppersberger, one of the founders of CISPA, says over $400 billion in American trade secrets are stolen every year. His solution is to put an END to such a free flow of information. Heaven forbid someone were to get a hold of an idea and improve it, or even sell it at a more competitive price! While I could write volumes on the farce that is “intellectual property”, the mere fact that legislators want to restrict or even monitor the flow of information in any way should worry people more than someone potentially learning Mrs. Field’s cookie recipe.
The bill for gun restrictions and further background checks failed. And sadly, many folks believed this was a win for liberty. There is no win here. The win would be if the legislators never entertained another piece of gun control legislation at all. But sure as legislators resurrected CISPA from its rejection coma, so shall be the case for gun control.
If you ever watched a movie called “Sneakers”, there is a particular line in that movie that proved to be quite accurate: “It’s about who controls the information.” It’s not about the money… or in this case, the guns. It’s about the information: controlling the flow of it, intercepting it, manipulating it, punishing it.
Just in case corporate trade secrets were not high on your list of things to freak out about, there is always good ole 9/11. Man, that event is like herpes: we tote it around like luggage and just when we think we’re through with it, it shamelessly flares up again. And what better segue than the Boston bombing?
Without a shred of evidence linking “hacktivism” (or cyberterrorism) to the Boston bombing, already politicians invoke the fear element to justify privacy taking a back seat to national security, making little distinction between a physical bomb and the “digital bombs” used by cyberterrorists (or whatever Rep. Mike McCaul of Texas was talking about).
Baseless allegations of Wikileaks looking to break into secure US databases were carelessly strewn about as well. The type of information they are targeting is rather telling of their motives, wouldn’t you say? Corporate trade secrets… and now whistle-blower information? Let’s say not only does someone figure out the secret recipe for Mrs. Field’s Cookies, BUT someone also manages to access information exposing corruption in our government… and BOTH were exposed! The only ones who should feel threatened are Mrs. Fields and our government because I certainly don’t feel less safe with such rabid information freely circulating.
Even if there were a breach in National Security in terms of our strategic information, I’m not particularly vested in protecting the American war machine – or catering to its overblown paranoia about keeping their secrets safe — at the cost of my own privacy. This law basically says, “Corporate and government information is MORE important than YOUR information, and therefore we wrote this law that protects them in that very order of priority.”
I don’t put much stock in intentions, mainly because they rarely amount to anything more than wishful talking points. But I’m willing to indulge the purported good intentions of CISPA in order to expose the egregious flaws in the legislation. Much like the good intentions behind sex offender registries, when someone can find themselves on that registry for urinating in a public park, the intentions don’t mean much.
Let’s set aside the whole National Security thing for a second, because we’re focusing on good intentions here and not hyperbolic political trump cards. This is where we parade the children out, much like we do for bills pertaining to gun control and education. You know the intentions are downright pure if kids are involved. There is a “harm” clause that speaks to such issues as child pornography, kidnapping, and other activity that could endanger a minor (perhaps referring to the Nightline episodes where pedophiles chat up minors and want to meet them).
These are terrible acts. And while I may be glib toward CISPA, make no mistake I take very seriously criminal behavior which target children. The only ones who have access to real-time information and communication are the providers. So if such communications were detected, companies like Google may voluntarily share such information. Perhaps in their privacy clauses, they could indicate that if information to this effect were detected, they reserve the right to take action. Such action, would be voluntary and at their discretion as a private company. But their discretion would be tempered by their reputation to protect their customers’ information.
A balance is needed between situations where a doctor forgoes confidentiality agreements if they know someone is in immediate danger; and cases like Switzerland or Israel who decided to sell out the privacy of individuals holding accounts in their banks to government thugs. The former is a life-saving measure, the latter ruined any vestige of credibility those countries’ banks had by aiding government theft.
Included in this “harm” clause is nebulous verbiage such as “any other crime related to protecting anyone from serious bodily harm”. Rep. Jared Polis points out that this could include fishing expeditions at everything from gun shows to football games. Should something go wrong at either of those events, he’s right to assume it could result in “serious bodily harm”. He’s also right to ask what football games and gun shows have to do with cybersecurity, as I also fail to see the connection.
Moreover, companies such as Google and Facebook have privacy polices fully disclosed on their websites so the user is made aware of the terms of use. CISPA would essentially invalidate these privacy policies rendering them legally unenforceable. Rep. Alan Grayson offered up a one-line amendment to CISPA requesting search warrants be obtained prior to searches. He was systematically shut down not only by proponents of the bill in the House Rules Committee, but by the language of that bill which boldly states: “notwithstanding any other provision of law”. So, notwithstanding the Fourth Amendment?
We cannot be so naïve as to view CISPA in a vacuum. Although even if we did, its flaws are rather self-evident. Compound CISPA with the latitude already bestowed upon federal agencies like the FBI and IRS who conduct warrantless searches of virtual communications already, along with the vague nature of verbiage which ultimately leaves these searches equally undefined except for the discretion of the officers conducting the searches. What we are left with is not that privacy is a fair-weather entitlement, rather that it is a social relic once enjoyed by free people.
The only vulnerability is in the predictable thought processes of these central planners. They rely on centralized information. CISPA would allow them to collect all sorts of information into one mega database, through which they could comb for any “suspicious” activity. This only highlights the need for individuals to start looking toward DEcentralized means of virtual communication.
One Response