Proposed Amendments to #CISPA Don't Protect Privacy
Yesterday, the House Intelligence Committee released proposed changes to the Cyber Intelligence Sharing and Protection Act of 2011, also known as CISPA that, according to its sponsors, represent "huge progress" towards addressing the privacy and internet freedom community's concerns.
But, many privacy advocates, including the ACLU, and groups including the Center for Democracy and Technology, Free Press, the Electronic Frontier Foundation and the Constitution Project still maintain their opposition. The changes are so underwhelming that even the Obama administration issued a statement yesterday that their privacy concerns persist.
Here are some of the main problems with CISPA:
1. CISPA still allows companies to share lots of sensitive and private information about our internet use with the government. The proposal amended the definition of what could be shared by taking out its explicit reference to stealing "intellectual property." But it still allows the sharing of Internet use records or the content of emails for "cybersecurity purposes" and unlike proposals drafted by Sens. Joe Lieberman and Dianne Feinstein or the Obama administration, CISPA does not require companies to even make an effort to remove information that could be tied to a specific individual.
2. CISPA still lets military agencies such as the National Security Agency directly collect the Internet records of American citizens who use the public, domestic, civilian Internet. The proposed changes state that the Department of Homeland Security should be cc'd when companies share our private details with the military and others, but this is no substitute for ensuring that a civilian agency is put in charge of collecting Americans' information.
3. CISPA still lets the government use the private information it collects about us for any purpose it deems fit outside of regulation. For four months, the draft bill has remained the same: the government can use information collected under this broad new program for "any lawful purpose" so long as a "significant purpose" of its use is a cybersecurity or national security one. But as former federal and FISA court judge James Robertson said at a congressional briefing this week, this "significant purpose" limitation is meaningless. The Patriot Act inserted this language into our foreign intelligence surveillance laws, and since then, in Judge Robertson's words, they've had a "hole you could drive a truck through."
Hard to see the progress here.
CISPA is still expected to hit the House floor for "Cybersecurity Week" next week. You can find out more about the bills in this memo, and more importantly, help us spread the word on Twitter and write to your Member of Congress today. Let Congress know that in spite of the minor changes floated by the House Intelligence Committee, you still oppose CISPA.