Stop CISPA

Last week, the House of Representatives voted for CISPA. So what is it? CISPA stands for the Cyber Intelligence Sharing and Protection Act. The way the bill is written, it won’t actually protect you, but it will violate your 4th amendment right to privacy. If you wish to you could read into this broadbandsearch.net cyber security article with information and statistics, and realize that no one can really be private anymore, not even the smallest to the biggest of businesses, data can always be leaked and illegally obtained somehow, especially in a neverending evolving digital world, which is why it’s important that cybersecurity evolves just as quick, and hopefully quicker than cybercrime can. Having said that, cybersecurity is definitely evolving (you can find out more about this if you click here), so hopefully it can help when it needs to rather quickly.

It lets the government spy on you without a warrant.

The bill grants new powers to “cybersecurity providers” and “self-protected entities” and it specifically excludes the government from being considered a “cybersecurity provider.” But due to a drafting discrepancy, the government could fall within the definition of a “self-protected entity” and obtain many of the additional powers granted by CISPA.

This is because a “cybersecurity provider” must be a “non-governmental entity,” but the definitions of “self-protected entity” or a “protected entity” do not have this limitation. These definitions are critical, as they specify who gets to wield CISPA authority to obtain and transfer your information. This is information many learn about through a Cybersecurity Curriculum, and not through general education.

While the intent of CISPA is to give companies this additional authority, under these definitions, the government could also assert some of the new powers granted by CISPA: to “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the government, so long as it is for “cybersecurity purposes.”

Basically, no one is exactly sure what is exactly covered by such a “cybersecurity system.” Under the vague definition, such a “system” could range from basic defensive software tools, like port-scanning, to more aggressive offensive countermeasures.

It makes it so you can’t even find out about it after the fact.

This bill dismisses the Freedom of Information Act for a whole new category of information that they don’t understand, that doesn’t even exist yet.

The Freedom of Information Act is the law that lets the public force the government to determine whether information should be released or not. The Freedom of Information Act doesn’t guarantee that information will be released, but just that anyone can request its release, and then have a legal process to try to provide a fair ruling on whether that information should be made public. Information that shouldn’t be shared is already protected by law, through largely uncontroversial exemptions.

CISPA dismisses this fundamental safeguard for public oversight of government activities, for the core activities of the newly proposed powers under the bill.

It makes it so companies can’t be sued when they do illegal things with your data.

Under CISPA, any company can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company, and then share that information with third parties, including the government, so long as it is for “cybersecurity purposes.” Whenever these prerequisites are met, CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files.

Though your emails and messages can be kept from your communications service providers legally through the use of a VPN. These Virtual Private Networks like expressvpn vs nordvpn can encrypt your data as it is being sent from your computer or phone through to its target meaning that service providers are unable to read them without the right encryption key. Though it is important to point out that your data could still be obtained from the VPN provider, in most cases this would require a warrant.

In the case of cloud storage though, there are few precautions one can take to prevent this from being accessed by the government. Though a cloud storage service based in a country with strong data protection laws requiring a warrant to access them could possibly be an option.

Right now, well-established laws like the Cable Communications Policy Act, the Wiretap Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act provide judicial oversight and other privacy protections that prevent companies from unnecessarily sharing your private information, including the content of your emails.

And these laws expressly allow lawsuits against companies that go too far in divulging your private information. CISPA threatens these protections by declaring that key provisions in CISPA are effective “notwithstanding any other law,” a phrase that essentially means CISPA would override the relevant provisions in all other laws-including privacy laws. CISPA also creates a broad immunity for companies against both civil and criminal liability. CISPA provides more legal cover for companies to share large swaths of potentially personal and private information with the government.

It makes every privacy policy on the web a moot point, and violates the 4th amendment.

This bill allows the private sector to share Americans’ private information with the government, including agencies within the Department of Defense (DoD), such as the National Security Agency (NSA). Even represenatives from corporate America have stated repeatedly that the private sector generally does not need to share Americans’ personally identifiable information (PII) with the government to advance cybersecurity.

CISPA is set up to immunize companies from liability for sharing private information like internet records, communications content, and identifying information. The bill sponsors have also tried to establish that the government, and not the private sector, is best positioned to anonymize data (that is after they have been given access to see it).

Find out more for yourself.

Read the content of H.R.3523 – Cyber Intelligence Sharing and Protection Act of 2011 now, and find out more at CISPAisBack.org.

Ok… so I didn’t actually take my site down. I’m a bit lazy like that. But at least I took this opportunity to tell you a little more about CISPA and how it might affect you and your internet.