Zombie CISPA Follows Lizard Squad
Remember CISPA, the draconian law and cousin to SOPA and PIPA, which would give the US government unprecedented control over that champion of intellectual freedom, the Internet? Well, thanks to the recent antics of hacker group Lizard Squad and the government’s insistence that these actions were actually those of “rogue state” North Korea, CISPA is being re-introduced by Rep. Dutch Ruppersberger (D-Md.), a member of the House Intelligence Committee.
The SOPA bill was one of the issues Aaron Swartz used his wealth and stature as the founder of Reddit to fight to the death. SOPA, short for Stop Online Piracy Act, was a bill written explicitly for the benefit of major content creators. It would have gone so far as to force Internet service providers to prevent access to websites deemed in violation of the law. While this would have required a court order, we’ve seen with the PATRIOT Act and others how quickly and en masse such orders can be manufactured.
Zombie CISPA Unchanged
Ruppersberger has made no changes to the CISPA he has reintroduced, which smacks of opportunism. With all the fervor surrounding the recent attacks on Sony Pictures, it must seem, anything that sounds like it’s going to make the Internet more controlled will probably get a lot of Yeas. Will it get enough? Time will tell if the bill even makes it to vote. However, it would be wise of the congressman and anyone else who favors legislation like these that, in fact, cyber security doesn’t happen through the passing of laws. That code on cotton-infused paper, signed with gold pens, does not have nearly the same power over technology as does the code on the computer terminals of hackers and programmers good and bad alike.
Microsoft, long the anti-Christ for many in the technology field, favors CISPA, seeing it as a simple way to allow for communication between corporations and the government. But groups like the Electronic Frontier Foundation state the obvious: corporations are already allowed to talk to the public and to the government about security-related matters. If the purpose of the Cyber Intelligence Sharing and Protection Act is simply to do that, a new law is not necessary.
What CISPA Does
The inference of CISPA is that it will allow intelligence officers to share national security information with entities like Google when it is “consistent with the need to protect the national security of the United States” to do so. Those receiving the data must have a security clearance, and the bill also grants higher-ranking intelligence officials to expedite the process of individuals receiving the clearance. Right off the bat, this opens up the possibility of government preference. Quid pro quos could abound if one company is less reticent with user data than another. Amendments to the bill attempted to address this concern, saying that the government could not share its data on the basis of user information being acquired, but by then the bill had received a crushing blow of disapproval from the Obama administration.
The bill specifically prohibits an organization receiving the threat information from sharing it with any other entity. This is counter-intuitive to the best practices in cyber security, for the more active members of the community aware of a given problem, the faster its solution will be found. It also raises the possibility that a vulnerability detected independently could then be classified by the government and the “uncertified” entities in possession of knowledge of it could then be in breach of CISPA.
It further prevents lawsuits from being taken against those organizations who co-operate with the government when their decisions may adversely affect their users or otherwise. “Acting in good faith” not withstanding, this could easily lead to situations where companies took new, privacy-destructive actions against their users in response to “national security threat information” but the users are stripped of their legal recourse. Providing immunity to its chosen few is a scary proposition which, if passed, could set a precedent for future technology bills which might enable companies to act unethically and get away with it. That which is legal is not always ethical, but so it goes.
Ambiguously, the bill seems to authorize companies to be on the lookout for certain kinds of content. While it specifically refers to violence and child pornography (2C1A), later changes could be made on the fly after the bill is passed which expand to all kinds of content. When speaking of national security, the radical movement is often a target, and it wouldn’t be hard to imagine them adding some sort of “seditious language” clause to the same section covering kiddie porn. Further, there are already so many laws on the books dealing with the problem of digital child pornography that this seems very specifically a means of garnering support rather than a feature of the legislation.
What CISPA Doesn’t Do
CISPA does not make the Internet safer for this journalist, for the reader, or for anyone else. It does not make the nation safer. It does not expand government powers in the right direction (if any expansion is truly necessary).
Most importantly, CISPA would not have prevented the Sony Pictures attack, which the best informed of security researchers feel was definitely a domestic act. Going back a few years, we see that the FBI orchestrated much of the activities of LulzSec in 2011, and it was around this time that the government wanted CISPA the first time. Now we’ve all witnessed the actions of Lizard Squad, brash and extremely defiant, and CISPA comes back from the dead, a zombie that should be resting in the same crypt as the Corwin Amendment.
Is it still the realm of conspiracy theorists, after history has given us the Gulf of Tonkin and incidents like it, to think that perhaps the federal government was behind this one too? That would explain why the FBI is insisting North Korea was behind the attack in the face of mounting evidence to the contrary. We have all the makings of a new encroachment on digital liberties. It’s getting tiresome.
Images from Shutterstock.