It seems we are, once again, at a crossroads between security and civil liberties.
This Thursday, the House of Representatives voted overwhelmingly — 288-127 — in favor for the newly proposed Cyber Intelligence Sharing and Protection Act, or CISPA, skyrocketing the bill on through to a Senate which is already in over its head with gun control and immigration reform discussions. Though the bill is doomed to idle alongside the other legislation currently being deliberated in senatorial limbo, lobbyists representing all walks of the business industry are pushing CISPA more and more aggressively every day. And, as House Committee Chairman Mike Rogers (R-Mich.) explains, the number of private company representatives standing outside the Capitol building ready to share stories of loosing entire portfolios of intellectual property is too growing every day.
The bill proposes to permit sharing technical data between businesses and the federal government without any worry about anti-trust or classification laws. White House spokeswoman Caitlin Hayden agrees that “information sharing improvements are essential to effective legislation” and that such sharing would help businesses tremendously to ward off aggressive and sophisticated attacks from hackers in China and Eastern Europe. And, after last year’s 52% increase in cyber attacks on American power, water, and nuclear systems, CISPA seems a well-welcomed political gift.
However, the bill also plans to grant businesses legal immunity in the event that they ever are hacked, so long as they “acted in good faith” to protect their networks. This is where the situation gets a little stickier.
I for one am already uncomfortable enough whenever I hand over my personal identification and financial documentation to any of the private banks or business with which I work or am affiliated. And the fact that the CISPA bill doesn’t include a requirement that companies hold back sensitive information like health or credit records from the government, matched with the fact that the White House isn’t jumping to offer any sort of liability protections itself in lieu of the immunity its considering granting private businesses, isn’t making me feel any more comfortable; it’s really making me feel like I’m just giving my information to a larger group of people, with no one to hold accountable.
Businessman Tim Molino with the Business Software Alliance recently tried to tackle this issue of privacy protection ambiguity by suggesting there are obvious business reasons that would implore private companies to protect their customers private information. He stated, “At the end of the day, personal information is customer information, and maintaining trust with customers is a core business imperative.”
Well, Mr. Molino, as much as I trust the free-market principles of business and agree that it would be in companies best interest to sell me on their tight information security, at the end of the day, that immunity clause floating amongst the sea of text that is the CISPA bill is going to have a substantial impact on my skepticism in working with larger commercial banks or investing in other big companies. And my skepticism in investing or working with larger banks will have negative effects on our economy’s stimulation.
In an effort to combat these natural fears that (presumably) others and I share, Rep. Adam Schiff (D-Calif.) did his best to amend the bill to require companies to strip any personally identifiable information from their data before sharing it with the government. Republicans however quickly blocked his proposal from being debated on the floor because they said tough mandates might deter companies from participating. Mr. Schiff, and all other advocates of the bill, also failed to address the immense access to private computer network data analysis the bill would grant the National Security Agency (NSA), which is already a notoriously controversial infringement on personal rights and property.
I agree that defense against the imminent threats of cyber attacks must be of the utmost priority for our government and for the security of our nation. I hear Secretary of Defense Leon Panetta when he says the possibility of a “cyber-Pearl Harbor” is rapidly approaching. I understand that the Cyber Intelligence Sharing and Protection Act has the potential to strengthen our barricades against cyber warfare. But until the legislation has been properly reformatted so as to put responsibility for safeguarding my personal information security adequately, I urge Congress and the White House to refrain from recognizing the CISPA bill. Individual freedoms should be considered alongside communal or organizational threats, not cast under their shadows.