Meet the New Bill, Same as the Old Bill

The lesson of legislative overreach by private interests attempting to gain a foothold in the Internet appears to be: “Here we go again.”

First, there was ACTA, then SOPA and its twin sister PIPA (no, not that Pippa). And widespread popular resistance actually did the trick for once and managed to combine into sufficiently organized and visible opposition to force congressmen to stand up for the broader public interest. But after that impressive and awe-inspiring moment of collective action had swelled and subsided, the organized and staffed institutions of private interests have regrouped and waited out all of the momentum that had been gained by their opposition.

And so, the ever-regenerative hydra has reared another ugly head: CISPA. The “Cyber Intelligence Sharing and Protection Act of 2011,” provides for unfettered information sharing and measure-taking in the vague name of “cybersecurity.”

“CISPA would allow ISPs, social networking sites, and anyone else handling Internet communications to monitor users and pass information to the government without any judicial oversight,” said EFF Activism Director Rainey Reitman in a statement. “The language of this bill is dangerously vague, so that personal online activity – from the mundane to the intimate – could be implicated.”

CISPA is just about as bad as SOPA/PIPA in terms of what it would do to online privacy: CISPA authorizes companies to take any step necessary (including shutdown of accounts by internet properties or blocking access to threatening sites by your internet service provider) of any site or account that is deemed a “cyber threat” by basically anyone.

CISPA, much like the NDAA, is couched almost entirely in the irrefutable rhetoric of “stopping cyberthreats and promoting national security.”  That is, that logic is irrefutable as a practical matter because those sentiments are entirely opaque and lack any content. Seriously, the definition of “cyber security purpose” is to protect networks from:

(A) efforts to degrade, disrupt, or destroy such system or network; or (B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

That’s it? You ever post a link to a song on YouTube on your Facebook account? That could be “misappropriation of intellectual property,” and under the terms of CISPA, Facebook or YouTube can ban your accounts, and your internet service provider can block your access to YouTube or Facebook. Seriously, Congress is about to pass a bill that broadly and vaguely infringes your rights to speech and private activity, and mostly at the insistence of tech companies.

CISPA is primarily a surveillance bill. With CISPA, a company like Google, Facebook, Twitter, or AT&T could intercept your e-mails and text messages, send copies to one another and to the government, and keep it from being sent if it fits into a plan to stop “cybersecurity” threats.

So, say the government thought you were discussing a cybersecurity threat or IP theft — such as illegal file sharing somehow related to cybersecurity — on Facebook. The bill would not force Facebook to hand you over to the feds, yet CISPA does make it so that Facebook will be completely unrestricted (say, by your rights) to cooperate with Homeland Security to the fullest extent.

Or, if you’re a visual learner, there are some pretty excellent flowcharts to explain how your data gets shared with basically whoever asks for it because a “threat” (remember, this includes for misappropriation of “intellectual property,” which is basically everything ever written under current Copyright law) needs only to be identified “in good faith.”

Of course, the White House has issued a statement expressing concerns about the bill’s overreach in its potential effects on privacy, but neither Obama nor the country can resist the appeal of enhancing our ability to fight “the terrorists” or “cyber threats” to our “nation’s critical infrastructure vulnerabilities,” again, whatever that means. So, “here we go again,” with Obama talking pretty on values, but then taking the expedient way out of a political “pickle,” with the voters bearing the deadweight loss of privacy obliteration.

Perhaps the more fundamental political problem–and the more direct reason for the “here we go again”–is that CISPA has corporate support this time around. Unlike SOPA/PIPA and the now-infamous day of blackouts on Wikipedia, Reddit, and more, people’s hackles were forcefully raised by the corporations they take for granted. Sure, folks have made some nice tools to help you voice your opposition to CISPA, and I urge you to use them. But now, the likes of Microsoft, AT&T, and Facebook have signed on to support CISPA since it immunizes them from operating hand-in-glove with government or media companies who want to control online activity. And after all, this is a pure legal immunization of Facebook’s business model: handing over users’ data to people who “lawfully” ask for it. And that’s all Congress is going to care about.

It was my impression that America is not in the business of writing blank checks to government without a decent reason. After all, that is the logic that might prevail and preclude the individual mandate of the Affordable Care Act from surviving the Supreme Court. But by that logic, I suppose there’s nothing in the Constitution that prevents the government from writing a blank check to private companies.