SOPA and PIPA have come and gone. Protectors of internet freedom rejoiced a major victory when these two fell by the wayside. However, the anti-piracy brigade isn’t done yet: Enter CISPA (Cyber Intelligence Sharing and Protection Act, text here). CISPA would be an amendment to the National Security Act of 1947, adding a section that addresses “cyber threats” and “cyber security” measures.
I will start this post by stating that I am NOT an expert in digital public policy. I often rely on outside sources to help me understand the legal jargon that most proposed bills entail. Also, to be fair, I get it. Piracy is bad. Those producing music, tv shows and movies are not getting some of their pieces of the pie because it is being shared for free somewhere online. Advertisers’ money is not being well spent when people aren’t going through the standard legal channels to view their media. My biggest concern is that, in writing these bills and their following amendments, there ALWAYS has to be something put in the wording that allows for things that make the rest of us uncomfortable. There is always some phrase or paragraph that just sounds like those drafting it decided to see how much they could get away with, as long as no one was paying attention.
For CISPA, there is quite a bit of vagueness that has many people unsettled. Although the bill claims to not be targeted at shutting down or censoring websites, the wording is vague and seems as though it could be easily malleable to fit unintended needs. I am also concerned with another part. There is a section which I am interpreting that “As long as the entity reports a cyber threat or cyber security risk, it does not need to be reported to the general public.” I could be misinterpreting the underlined section below:
(C) if shared with the Federal Government—
‘‘(i) shall be exempt from disclosure under section 552 of title 5, United States Code;
‘‘(ii) shall be considered proprietary information and shall not be disclosed to an entity outside of the Federal Government except as authorized by the entity sharing such information; and
‘‘(iii) shall not be used by the Federal Government for regulatory purposes.
It sounds to me that reporting this is up to the discretion of the entity as long as the government knows about it. If a company’s security is breached, and they have sensitive information about their customers, they don’t have to tell us? Is that right?
What is also scary about CISPA is that it actually has support from some key online players, namely Microsoft and Facebook. Scary fact number two is that Anonymous has begun digital attacks on some of the bill’s other supporters, most recently Boeing, among others. Would they have the audacity to hack Microsoft and Facebook? That could lead to some pretty serious repercussions for the rest of us in terms of social media marketing.
What are your thoughts on CISPA? Do you translate the above section differently than I do? Do you think Anonymous will attack Microsoft and Facebook next? Chime in below.
Also, for anyone interested in signing a petition agains CISPA, here is a link to one from FreePress.
Now go get your social on!