SOPA Part II: New Cyber Intelligence Bill Threatens To Label Alleged Infringers As National Security Threats

Posted by · April 5, 2012 4:14 pm

If you thought the Stop Online Piracy Act (a.k.a. SOPA) was scary, wait until you get a load of this. It’s called the Cyber Intelligence Sharing and Protection Act, or CISPA. Unlike SOPA, which would have empowered private companies to take preemptive action against sites merely suspected of copyright infringement, this new bill takes it a step further.

Great Seal Bug from NSA archivesIn a purported effort “[t]o provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes,” CISPA threatens to take the targets of failed bills SOPA and PIPA and, instead of bypassing due process as would have been the case under that pair of bills, allow them to be labeled as threats to national security. That is, instead of having a site that allegedly infringes on another’s copyright protections shut down without filing so much as a court complaint, this bill would allow the clandestine intelligence apparatus of the U.S. to turn its traditionally external gaze inward.

This is done by the amendment that CISPA would make to the National Security Act of 1947 by—and this is according to the Congressional Research Service’s official summary of the bill—“add[ing] provisions concerning cyber threat intelligence and information sharing.”

The primary term of concern is “cyber threat intelligence” and its disconcertingly broad meaning. Borrowing again from the CRS’s official summary, the following explanation is given regarding CISPA’s definition of this term (emphasis added):

Defines “cyber threat intelligence” as information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from: (1) efforts to degrade, disrupt, or destroy such system or network; or (2) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

From SOPA To CISPA

Quite predictably, the provisions emphasized above are of particular concern to those of us interested in maintaining a clear legal protection of personal privacy. By establishing a basis for a relationship between the National Security Agency (NSA) and private entities, the act would leave the door open for the type of due process violations that led Internet activists to organize the historic SOPA Blackout Day protest just a few months ago. What makes this piece of legislation particularly ominous, however, is the fact that it allows all of this information gathering and sharing to be done covertly.

The use of such sweeping language to define the bill’s key terms leaves the lion’s share of CISPA’s power to the discretion of an agency so secretive that even Congress has a difficult time getting answers without being blocked by a state secrets claim. As such, a potential interpretation of the bill could not only bring the entire globe within the purview of NSA surveillance—subjecting any and all personal online communications or activity to potential monitoring—but, according to Raw Story senior editor Stephen Webster, could also lead to “NSA wiretapping [of] publications like The New York Times, The Guardian and Wikileaks in the likely event that they obtain classified, secret or otherwise inconvenient information on governments or corporations.”

Webster goes on to inform us that companies including AT&T, Microsoft, Facebook, Intel, and others have already publicly expressed their support for CISPA. Meanwhile, despite being originally introduced all the way back in November, CISPA still hasn’t quite entered the public discourse, which serves to explain the current lack of public outrage to a bill the poses to make SOPA and PIPA pale in comparison.

Nevertheless, just as in the case of SOPA and PIPA, this is not to say that matters of Internet piracy and cybersecurity do not warrant legislative attention.

Speaking to Russia Today on the matter, Kendall Burman of the Center for Democracy and Technology made clear that the concern over CISPA is not its purported purpose but the broad and generally unaccountable means by which it hopes to achieve it.

“We have a lot of concerns with the breadth of the bill,” Burman explained. “If it was very narrowly tailored to information that was very much related to cyber threat information, there would be comfort level with that. But the way that it is written, it applies to so much of your online communication, and to have that risk go straight to the National Security Agency, we think, creates a real civil liberties problem.”

That being said, there is a fair amount of skepticism surrounding CISPA’s potential of clearing Congress, at least not before the 2012 elections. By then, it seems safe to assume that a resistance comparable to that inspired by SOPA and PIPA will be causing enough of an uproar for the bill’s 106 House co-sponsors to think twice before placing their political careers on the line.

What do you think? Will CISPA face the same fate as predecessors SOPA and PIPA? Share your point of view in the comments below.