800+ major corporations and U.S. Chamber of Commerce support internet freedom-crushing CISPA25/04/2012 13:38
By Madison Ruppert
End The Lie
It’s quite sad for me to say that over 3 million businesses in the United States represented by the U.S. Chamber of Commerce, not to mention 800+ other major corporations (see below list), all have shown their support for the disturbing legislation known as CISPA, or the Cyber Intelligence Sharing and Protection Act.
This long list includes corporations like Google, Facebook, AT&T, Verizon, Microsoft, IBM, Boeing, Intel, the Financial Services Roundtable, Lockheed Martin, Qualcomm, Northrop Grumman, VeriSign, Symantec, Oracle, the National Cable & Telecommunications Association, the Internet Security Alliance, the information Technology Industry Council, the Independent Telephone & Telecommunications Alliance, Cyber, the Space & Intelligence Association, CTIA – the Wireless Association, the Business Roundtable and more (all of which are listed below).
Please take a moment out of your day to either share this article or at least the list of corporations behind this legislation in order to help coordinate a boycott effort.
I believe it would also be beneficial to call them repeatedly (inundating their phone lines can be a major headache), shower them with emails, letters, etc. all in an attempt to get them to back away from CISPA.
Widespread protest efforts were quite successful in bringing down the Stop Online Piracy Act (SOPA), but now we have to keep in mind that many of the corporations who were anti-SOPA are actually pro-CISPA.
This means that the public will have to be engaged to a much more significant degree in order to have an impact even remotely comparable to what we saw in opposition to SOPA and the Protect IP Act (PIPA).
The real reason that corporations who were against SOPA and PIPA but are now behind CISPA is because, unlike the previous legislation, it removes all liability from the corporations and shifts the regulatory pressure away from the company.
SOPA actually required private corporations to keep tabs on all of their user activity and made them liable for their users and their activities.
CISPA, on the other hand, shifts that responsibility away from the private corporations completely and hands that role over to a government entity.
This makes it so corporations are protected from lawsuits from a user who has their private information given to the government under CISPA.
Now I’m sure you can see why companies like Google (which protested SOPA in a quite visible manner) and Facebook (which also voiced opposition to SOPA) are champing at the bit to get behind CISPA.
“CISPA would allow ISPs, social networking sites and anyone else handling Internet communications to monitor users and pass information to the government without any judicial oversight,” according to the Activism Director for the Electronic Frontier Foundation (EFF), Rainey Reitman. “The language of this bill is dangerously vague, so that personal online activity — from the mundane to the intimate — could be implicated.”
What exactly does “dangerously vague” mean, you ask? Well, the EFF has done a fantastic job of explaining exactly what they mean.
CISPA would allow “access to any information regarding a ‘cyber threat’ is granted to the government, privacy security agencies and private companies.”
CISPA’s definition of a “cyber threat” is as follows:
- Efforts to disrupt or destroy government or private systems or networks.
- Theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
In this context, misappropriation means “wrongful borrowing” and intellectual property means anything protected by a copyright including programs like Photoshop and Microsoft Office, MP3s, television shows and movies, and absolutely anything in between.
The purposefully vague language of CISPA leaves room for abuse in the following ways (according to this informative infographic from the EFF):
- The government, private security agencies (think HB Gary and many more), and private companies (which are already being brought into the fold) acting in “good faith” actually means maybe you did it (whatever it allegedly may be).
- These entities can share “cyber threat information” which, in reality, is your personal information with other private companies, private security agencies and government entities.
- They can do this all with total anonymity, meaning that they don’t have to tell you what they’re doing or if they’re sending your information to someone or even who they are sending it to.
- It also gives these entities immunity to legal action, which means that you can’t take action against any of them, even if they made a mistake with your information.
“Any existing legal protections of user privacy will be usurped by CISPA. The bill clearly states that the information may be shared ‘notwithstanding any other provision of law,’” they add.
Recently, Joel Kaplan, Facebook’s vice president for U.S. public policy, attempted to reassure users. In my opinion, he failed miserably in attempting to say that it only would allow them to share information about possible cyber attacks while not forcing any new data sharing obligations, adding:
[W]e recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place — the additional information it would provide us about specific cyber threats to our systems and users.
EFF shot back in a quite thorough blog post entitled, “What Facebook Wants in Cybersecurity Doesn’t Require Trampling On Our Privacy Rights.”