Remember the Stop Online Piracy Act (SOPA), the Congressional bill aimed at stopping the theft of intellectual property on the Internet? The uproar over the bill was so widespread and so negative that Congress tossed aside the bill.
Whether or not you include SOPA, Congress has been talking a lot about Internet security and privacy lately. One of those bills is the Cyber Intelligence Sharing and Protection Act (CISPA), which has been gathering bipartisan support since it was introduced several months ago. The purpose of CISPA is to allow information sharing between private and public sectors for the sake of improving cybersecurity.
However, a lot of security people appear to be concerned that CISPA will be just as bad or worse than SOPA. According to the Electronic Frontier Foundation (EFF):
The bill would allow a broad swath of ISPs and other private entities to "use cybersecurity systems" to collect and share masses of user data with the government, other businesses, or "any other entity" so long as it's for a vaguely-defined "cybersecurity purpose." It would trump existing privacy statutes that strictly limit the interception and disclosure of your private communications data, as well as any other state or federal law that might get in the way. Indeed, the language may be broad enough to bless the covert use of spyware if done in "good faith" for a "cybersecurity purpose."
As Andrew Couts wrote at Digital Trends, the biggest difference right now between SOPA and CISPA is that the tech organizations that fought SOPA are supporting CISPA. He stated:
Facebook, Microsoft, Oracle, IBM, Intel, AT&T, Verizon - all of them (and many others) have already sent letters to congress voicing support for CISPA. And that should come as no surprise. Whereas SOPA and PIPA were bad for many companies that do business on the Internet, and burdened them with the unholy task of policing the Web (or facing repercussions if they did't), this bill makes life easier for them; it removes regulations and the risk of getting sued for handing over our information to The Law. Not to mention doing what the bill says it's going to do: protecting them from cyber threats.
Couple CISPA with the reports from the United Kingdom that it wants to begin monitoring all electronic exchanges, and you see that privacy rights in the name of security aren't only a concern for Americans.
The news from the UK actually bothers me more than CISPA does. Perhaps it's the way the UK decision will be made - pretty much unilaterally - but more likely it is that the underlying premise of CISPA is cybersecurity. I'm not going to suddenly become distraught over the idea of private entities sharing information with government agencies. Private industry has been selling the souls of its customers for years, and government agencies have long had access and legislation in place to spy on the public. I liken CISPA to the TSA - the intent is correct in that stricter security measures are needed, but perhaps the execution of the intent needs to be fine-tuned.