April 16, 2012 at 6:10 PM ET
This week, Internet activists have a whole new acronym they want you to protest -- CISPA. That's the Cyber Intelligence Sharing and Protection Act (HR 3523), which "will negate existing privacy laws and allow companies to share user data with the government without a court order," the Electronic Frontier Foundation warns.
But don't expect website blackouts or symbolic gestures of disapproval, as we did on January 18, the day of the SOPA Internet protest. Unlike the Stop Online Piracy Act (SOPA) , which was protested by corporations, CISPA has support among the tech giants including Facebook, IBM and Microsoft.
(Msnbc.com is a joint venture of Microsoft and Comcast’s NBC Universal unit.)
Facebook, owner of the world's largest social graph -- the map of everyone you know and predictor of anything you might do -- even asks users to trust corporations and the government to do what's best.
Why? Well, with CISPA, tech giants stand to benefit because the government is helpfully alleviating corporations of liability.
Lifehacker breaks it down in a great explanatory piece:
The main reason companies are supporting CISPA is because it takes the pressure to regulate users off the private company. SOPA required private companies to keep track of what its users were doing and held private companies liable for its users. CISPA transfers that role and responsibility over to a government entity. Effectively, it makes it so a company cannot be sued by a user for handing their information over to the law.
So what's the problem?
"CISPAwould allow ISPs, social networking sites and anyone else handling Internetcommunications to monitor users and pass information to the government withoutany judicial oversight," EFF Activism Director Rainey Reitman said in astatement. "The language of this bill is dangerously vague, so thatpersonal online activity -- from the mundane to the intimate -- could beimplicated."
What does EFF and other Internet advocates consider "dangerously vague?" As EFF explains:
Under the CISPA bill, "access to any information regarding a 'cyber threat' is granted to the government, privacy security agencies and private companies."
- CISPA's definition of a cyber threat: Efforts to disrupt or destroy government or private systems or networks.
- Theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
- Misappropriation: In this context, it means "wrongful borrowing."
- Intellectual property: Anything from Photoshop to the latest Nickelback album.
Here's where CISPA's vague language leaves room for abuse:
- The government, private security agencies and private companies acting in "good faith": "maybe you did it."
- Can share "cyber threat" information equals sharing your info with other companies, private agencies and the government with 100 percent anonymity means they don't have to tell you they're doing it.
- Immunity to legal action: You can't take action even if someone made a mistake with your info.
- Any existing legal protections of user privacy will be usurped by CISPA. The bill clearly states that the information may be shared "notwithstanding any other provision of the law."
On Friday,Joel Kaplan, Facebook's VP for U.S. public policy, assured users in a blog post that CISPA would allow the social network and other companies to share information with the government about possible cyber attacks, without imposing new obligations to share data with the feds:
That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place -- the additional information it would provide us about specific cyber threats to our systems and users.
EFF, for one, isn't buying it. In a lengthy response to Kaplan's post, EFF noted that the government can share information about cyber threats with companies such as Facebook without "any of the CISPA provisions that allow companies to routinely monitor private communications and share personal user data gleaned from those communications with the government."
Furthermore, EFF isn't willing to take Facebook at its word:
Internet users don’t want promises from companies not to intercept our private communications and share that data with one another and the government. We want strong laws that make such egregious privacy violations illegal, that require the government to follow legal process (judicial oversight in most case), and that allow us or the government to sue persons who break the law."
The House will vote on CISPA on April 23. Here's what you need to know about the bill and how it's being protested, courtesy of EFF.
Helen A.S. Popkin goes blah blah blah about online privacy, then asks you to join her on Twitter and/or Facebook. Also, Google+. Because that's how she rolls.
