Freedom at the heart of cyber law battles

PUBLISHED : Thursday, 17 May, 2012, 12:00am
UPDATED : Thursday, 17 May, 2012, 12:00am



Impact of Cispa on the public

The Hill, a newspaper in the city of Washington, reported that Cispa would create an exemption to all privacy laws. Companies that hold a citizen's private information can share it with one another or the government for cyber-security purposes.

Firms sharing information would get complete liability protection: they would no longer be held accountable by their customers, or even the government, if they negligently or recklessly mishandled information.

Once in government hands, information can be used for any lawful purpose so long as there is a significant cyber security or national security purpose. The programme is permanent and will be reviewed only annually by the inspector general of the intelligence community.

The bill's goal is to encourage companies to share information with the government, helping it to fight and prevent cyber-security attacks. But the language in the bill is far too vague when it comes to distinguishing how the government can use that information, leading critics to call it 'evil'. The bill also doesn't provide an adequate description of what is considered a 'security threat'.

There are numerous privacy problems with Cispa. First, the definition of what can be shared is very broad, and includes sensitive and private information such as contents of e-mails or a person's internet history. Firms are not required to even make an effort to separate sensitive but unnecessary information from the technical and useful data that the government might need.

Second, the bill allows companies to choose which government agency to share the information with, including the National Security Agency or other elements of the Department of Defence.

It offers few limitations on what can be done with the information that the government ultimately collects.

Businesses become state spies

If one believes in privacy and free markets, one should be concerned about the proposed marriage of government intelligence-gathering with private, profit-seeking firms.

Former Republican presidential candidate Ron Paul said Cispa is an alarming form of corporatism, as it intertwines government with companies like Google and Facebook. It permits them to hand over private communications to officials without a warrant and leaves individuals without recourse for invasions of privacy. 'Imagine having government-approved employees embedded at Facebook, complete with federal security clearances, serving as conduits for secret information about their American customers,' he said.

Facebook says it supports the bill because it needs information about cyber threats from the US government to keep its site secure and protect the data of its 845 million users.

Joel Kaplan, vice-president of public policy for Facebook, said: 'One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those companies and their users from being victimised ... Similarly, if the government learns of an intrusion, the more it can share about that attack with private companies, and the faster it can share the information, the better the protection for users and our systems.'


On April 26, the United States House of Representatives passed a controversial cyber security bill called the Cyber Intelligence Sharing and Protection Act (Cispa).

Before the bill was passed, President Barack Obama said he would veto it if it was presented to him for his signature because of concerns over privacy and oversight.

Critics warn that the new bill would give the government free rein to monitor communications, filter content from websites and possibly shut down access to online services.

The White House, explaining its opposition to the bill, said it failed to protect core US infrastructure 'while repealing important provisions of electronic surveillance law without instituting corresponding privacy ... safeguards'.

Republican Mike Rogers and his congressional colleague, Democrat Dutch Ruppersberger, say their bill will help fight one of the biggest threats facing the country.

'Congress must lead on this critical issue and we hope the White House will join us,' they said. They also noted that steps had been taken to amend the bill to address privacy and civil liberty concerns.

The White House added that the bill treated cyber security as an intelligence activity, which put at risk long-standing efforts to preserve the civilian nature of the internet.

'Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens,' the White House said.

Republicans, the US Chamber of Commerce and companies such as Facebook and Google are receptive to the legislation because it does not impose new regulations on businesses to share information, making that step voluntary.


October 26 2011 - US Congressman Lamar Smith introduces the 'Stop Online Piracy Act' (Sopa) to the House of Representatives. The bill is widely criticised for giving corporations too much power and not doing enough to protect citizens' privacy

November 30, 2011 - US Congressman Michael Rogers introduces Cispa to the House of Representatives

January 18, 2012 -Wikipedia blacks out in protest against the cyber security bills

January 19 - Self-proclaimed members of the 'hacktivist' group Anonymous claim responsibility for attacks on the sites of several pro-Sopa organisations such as the RIAA and to protest against Sopa

January 20 - The House Judiciary Committee announces it will postpone the consideration of Sopa until there is wider agreement on a solution

April 16 - 'Stop Cyber Spying Week' starts, with many civil liberties groups and advocates raising awareness of Cispa through Twitter

April 25 - Barack Obama threatens to veto Cispa, saying it would undermine privacy and fail to protect critical infrastructure systems

April 26 - The United States House of Representatives passes Cispa

Voices: What people are saying

'Cispa creates a voluntary information-sharing network, with rigorous privacy requirements in place, that will provide private sector and many critical infrastructure entities with classified threat information to allow them to better secure their networks.'

US Congressman Jim Langevin, defending his vote for Cispa in the House of Representatives

'We should never underestimate the federal government's insatiable desire to control the internet.'

Ron Paul, former Republican presidential candidate

'We recognise that a number of privacy and civil liberties groups have raised concerns about the bill - in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cyber security.'

Joel Kaplan, vice-president of public policy for Facebook