The U.S. House of Representatives recently passed CISPA, the Cyber Intelligence Sharing and Protection act, a far-reaching and vague bill that would enable warrantless spying on internet traffic by proxy of employers, ISPs and websites you use.
The only reason necessary is suspicion of a “cybersecurity threat,” which is so loosely defined as to include the use of anonymization tools like Tor and VPNs, or using GPG to encrypt your emails. Perhaps even BitTorrent. Basically, anything that somebody could deem “suspicious” is enough justification for a business to monitor your internet usage and report their findings back to the Department of Homeland Security.
The Electronic Frontier Foundation has a frequently asked questions page about CISPA, for more in-depth information, as well as a form to contact your senators. Since the bill passed the House, it’s up to the Senate to strike it down. President Obama issued a statement of his intent to veto a bill that would “sacrifice the privacy of our citizens in the name of security,” but senatorial opposition is still needed.
CISPA stands for The Cyber Intelligence Sharing and Protection Act, a cybersecurity bill written by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) (H.R. 3523). The bill purports to allow companies and the federal government to share information to prevent or defend from cyberattacks. However, the bill expressly authorizes monitoring of our private communications, and is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws. Because the bill is so hotly debated now, unofficial proposed amendments are also being circulated and the actual bill language is in flux.
“Cyber” bills of any kind are pointless, even when they’re not harmful. There is no crime that can be committed using a computer that is not already sufficiently covered by existing legislature. There are no laws specifically for “ski-mask-robbery” or “battery-with-an-encyclopedia,” and neither should there be “computer-thievery” or “internet-fraud.” You don’t need “cyberbullying” laws, for example, when you already have laws against harassment, assault and battery, slander/libel, et cetera.
