If you’re not afraid of #CISPA, you’re not really paying attention

SOPA was a black eye for the US government. Nothing in the last few decades can compare to the complete turnaround Washington DC had to make once the people of the internet and websites across the web made their opposition to the bill known back in January, 2012. Now, the politicians and other entities have learned from their mistakes. This time, they have been able to pull off the unthinkable.

They have successfully pulled the wool over the eyes of the American people. The public outrage that stopped SOPA has been replaced by solemn acceptance by some, disinterest from others, and a complete lack of understanding by most of what the Cyber Intelligence Sharing and Protection Act (CISPA) really means to Americans and the rest of the world.

In the most obvious ways, this bill is better than SOPA or PIPA. They took the queues from bloggers, technology leaders, and watchdog groups and addressed issues on retention of personal data, broad sharing of private information, and snooping into virtual places that people hold sacred such as email. What they replaced it with, however, is enough ambiguity to allow far worse intrusions on our digital lives.

A careful reading of the Myth vs Fact PDF that the government released reveals just how masterfully they employed their spin doctors. They position the bill to be nearly harmless. They address the obvious concerns to the point that the average American today would not only approve of the bill but would likely defend it to their friends who voiced opposition.

The reality is this: if you read through the bill and take note of certain points of interest, you’ll realize that they are granting the potential for more power and further intrusions into our digital lives than even SOPA and PIPA. Where SOPA dealt with specific ways that the government would intrude, CISPA deals in cleverly worded loophole phrases surrounded by phrases that emphasize protection of privacy.

On one hand, they’re saying that the government and certified entities will not be sharing private data without sufficient cause. On the other hand, they’re giving complete immunity to the government and “certified entities” who act in “good faith” with addressing cybersecurity threats. The legislation is loaded with language that’s designed to protect privacy but left these powerful loopholes in place. It’s as if they put your privacy in a house that has high fences and impenetrable defenses up front while leaving the back door wide open.

This was not an accident. The back doors that they left open are encompassed in a few sentences while the bulk of the bill makes a show of how well they’re trying to protect our privacy.

This bill is more dangerous that SOPA or PIPA. It is designed specifically to be very privacy-friendly throughout, then leaves a gaping hole open for the government and certified entities to use at will “in the name of cybersecurity”. It’s a zero-multiplier. In other words, all of the fancy wordsmithing and political mumbo jumbo is set into place to appease the privacy advocates while the loopholes trump the entire document.

As Red State puts it:

But CISPA does much more than simply permit companies to share information about genuine cyber threats. It would give companies blanket immunity from “any provision of law” that might limit the sharing of information about cybersecurity threats. That includes so-called net flow data, and other “big data” patterns of behavior that could indicate an attack is coming — but such data doesn’t include individuals’ private information. Yet, under CISPA, if a provider has a hunch that the contents of user emails or other online communications relate to a cyber threat, the provider may share this information with impunity.

A hunch. That’s all it takes to throw every privacy-protecting word of the document out the window.

I’ve said in the past that cyberwarfare is our greatest threat. That hasn’t changed. The US government needs to take the appropriate actions to make sure that infrastructure, defense, and welfare are safe from harm through digital attacks. CISPA isn’t the appropriate action. It’s the lazy action. It’s the easiest way to give the government the power to act. Unfortunately, it’s also the easiest way to give the government and certified entities power that can be too easily abused. If you’re not afraid, you’re not paying attention. If you don’t believe that such powers would be abused, you don’t understand human nature.

CISPA must be stopped.