Just when you thought it was safe to go out on the InterWebs comes a new effort by Congress to put a snoop on every cellphone and two spies in every cable modem. Contrary to what you may have read, the Cyber Intelligence Sharing and Protection Act is not SOPA II. But in many ways, it's worse.
CISPA aims to beef up our nation's cyber defenses by allowing government agencies and private organizations to share information about potential threats, even if that intel might otherwise be classified. Who could possibly object to that? Anyone who's taken a close look at the bill.
Thanks to vague and overbroad language, CISPA as it currently stands would apply to any "theft or misappropriation of private or government information, intellectual property, or personally identifiable information" -- way beyond what might logically constitute a threat against this nation.
In other words, CISPA could be used to shut down sites that have published classified information (like WikiLeaks or the New York Times), as well as prosecute individuals for sharing copyrighted content or blowing the whistle on corrupt organizations. As the Electronic Frontier Foundation notes:
The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.
According to CISPA, Uncle Sam could enlist the help of your ISP, wireless carrier, Google, Facebook, or any other private entity to identify cyber threats, and you wouldn't be able to sue these entities for violating your privacy so long as they acted "in good faith." TechDirt's Leigh Beadon digs a little deeper:
CISPA states that the entity providing the information cannot be an individual or be working for an individual, but the data they share (traffic, user activity, etc.) will absolutely include information about individuals. There is no incentive in the bill to anonymize this data -- there is only a clause permitting anonymization, which is meaningless since the choice of what data to share is already voluntary.