#Tech » 5 Reasons the CISPA Cybersecurity Bill Should Be Tossed Comments Feed alternate alternate Tech WordPress.com TIME Time.com MY ACCOUNT SIGN IN SIGN OUT SUBSCRIBE SUBSCRIBE Home U.S. Politics World Business Tech Health Science Entertainment Newsfeed Living Sports History The TIME Vault Magazine Ideas Parents TIME Labs Money LIFE The Daily Cut Photography Videos TIME Shop The 100 Most Influential People The 25 Best Inventions of 2015 Future of Giving Global Trade Know Right Now Next Generation Leaders Person of the Year 2015 Top 10 Everything of 2015 Top of the World A Year In Space Subscribe Newsletters Feedback Privacy Policy Your California Privacy Rights Terms of Use Ad Choices Ad Choices RSS TIME Apps TIME for Kids Advertising Reprints and Permissions Site Map Help Customer Service © 2016 Time Inc. All rights reserved. Subscribe Sign InSubscribe Opinion 5 Reasons the CISPA Cybersecurity Bill Should Be Tossed By Matt Peckham @mattpeckhamApril 19, 20120 * Share + + + + + + [pin_it_button.png] * Read Later + [white-15.png] Send to Kindle + + cyber-security Caroline Purser / Getty Images * Email * Print * Share + Facebook + Twitter + Tumblr + LinkedIn + StumbleUpon + Reddit + Digg + Mixx + Delicious + Google+ * Comment Follow @techland So long SOPA and PIPA, hello Cyber Intelligence Sharing and Protection Act (CISPA), a bill proposed last November to give the government new powers to secure networks and thwart copyright violators. It’s finally up for a vote later this month, sparking protests all this week in what’s looking like another informational ramp-up to leverage the court of public opinion against the bill’s passage. Debate on SOPA, a bill that sought to give the government broad powers in combatting online piracy, was postponed indefinitely after users and companies including Google, Wikipedia and Reddit gathered signatures for anti-SOPA petitions or staged actual service blackouts in mid-January. Next up: CISPA, a bill that would essentially nullify current privacy laws and set companies up to share data about users with the government without the need for court orders. CISPA would amend the National Security Act of 1947 — responsible for merging the Department of Navy and War, splitting the Air Force from the Army and creating both the Central Intelligence Agency (CIA) and National Security Council (NSC) — by adding provisions that would apply to cybercrime. It aims “[to] provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” as well as “other purposes.” (MORE: Did It Work? ‘Day After’ Results of the SOPA, PIPA Blackout) What qualifies as a “cyber threat” according to the latest draft of the bill? …information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from (A) efforts to degrade, disrupt, or destroy such system or network; or (B) efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information. What’s more, the bill would require the Director of National Intelligence to both design procedures to facilitate information sharing between private and government sectors, as well as “encourage the sharing of such intelligence.” Before I get into CISPA’s overt problems, it’s worth stating that I think we’re all — proponents and opponents of CISPA — in favor of intelligent, reasonable and appropriate measures when it comes to grappling with cybersecurity. No one wants to live in a world where companies or government agencies are routinely sabotaged and the Internet critically disrupted. But getting this stuff right off the block is crucial. As Ben Franklin once said, “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” CISPA does away with important information-sharing barriers between the government, military and private sector. According to the Center for Democracy & Technology, CISPA threatens privacy because it “has a very broad, almost unlimited definition of the information that can be shared with government agencies and it supersedes all other privacy laws,” “is likely to lead to expansion of the government’s role in the monitoring of private communications” and “is likely to shift control of government cybersecurity efforts from civilian agencies to the military.” The restrictions on what can be snooped or how that information can be used are vague. CISPA’s vaguely defined usage restrictions mean your information could be used for purposes other than or only indirectly related to cybersecurity. The Electronic Frontier Foundation says “a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop ‘cybersecurity’ threats.” (MORE: SOPA Officially ‘Postponed’ Until Further Notice – PIPA, Too) If a company violates your privacy, you have to go to the moon to hold them liable. In the latest draft of the bill, to find a company guilty of “willful misconduct,” you have to show that it engaged in an “act or omission” that was made: (I) Intentionally to achieve a wrongful purpose; (II) knowingly without legal or factual justification; (III) in disregard of a known or obvious risk that is so great as to make it highly probable that the harm of the act or omission will outweigh the benefit. In addition to proving that a company “intentionally” and “knowingly” did wrong, then, you have to somehow show that the company knew the risks outweighed the benefits. How a company’s supposed to determine this, to say nothing of how you’re supposed to prove it, is anyone’s guess. The bill’s definition of “cybersecurity purpose” is too broad and vague. The EFF argues the bill’s current rationale for cybersecurity information gathering “is so broad the it leaves the door open to censor any speech that a company believes would ‘degrade the network’.” An extreme example: Company X decides its network performance issues are security-related, grabs beaucoup information about its users, then uses that data to surveil and/or study users’ habits (think of the side benefits), or alternatively to censor a website (an obvious example here would be Wikileaks). There may be a better, wiser, narrower bill in the offing. Of all the bills on the table, the only one groups like the CDT support is the PRECISE Act, which would “establish a non-profit, quasi-governmental National Information Sharing Organization [NISO] to serve as a national clearinghouse for the voluntary exchange of “cybersecurity threat information,” taking in reports, and sharing them back out, among the federal government, state and local governments, and industry.” According to the CDT, NISO …is likely to be more effective at quickly responding to cybersecurity threats – and would pose fewer civil liberties risks – than would a government-run information sharing hub. While the NISO board of directors would have governmental representatives and representatives of privacy interests, it would be dominated by industry. MORE: Why We Won’t See Many Protests like the SOPA Blackout Matt Peckham @mattpeckham Matt Peckham is TIME's video games, science tech and music tech correspondent based in Ann Arbor, Michigan. His work has appeared in Variety, The Washington Post, The New York Times and others. 0 comments Livefyre * Get Livefyre * FAQ Sign in + Follow Post comment Link Newest | Oldest SubscribePopular Among Subscribers [a_postcard_tokyo_0617.jpg] Japan's Booming Sex Niche: Elder Porn [wkids_0303.jpg] Young Kids, Old Bodies [int_cover_1028.jpg] Benedict Cumberbatch Talks Secrets, Leaks, and Sherlock [cover_0310.jpg] Obama's Trauma Team Get all access to digital and printSubscribe * Most Popular * From Tech 1. How to Sign Your Name Inside a Word Document 2. An iMessage App Is Now Available for Android, but There’s a Catch 3. Yes, the PlayStation 4 Supports External Storage, but There’s a Catch 4. The 5 Best Sites for Downloading Gorgeous Retina Wallpaper 5. 92 Teen Text Terms Decoded for Confused Parents From Time.com 1. Russian Forces Double Along Ukraine Border 2. Gangs of ‘Powerfully Built’ Women Are Mugging Tourists on the Streets of Hong Kong 3. Putin Phones Obama To Discuss Ukraine, White House Says 4. Colbert Tweet Draws Accusations of Racism and #CancelColbert 5. There’s A Scientific Reason for Why You Look Weird In Selfies Connect With TIME * * * * * More videosVideos Add to website or blog http://www.time.com/ Copy Code Cancel Email to a friend Friend's email______ Send Cancel Facebook Twitter Google+ * Embed * Email * Share * * * * Quick Gmail Trick: Pre-Write Email Messages with Canned Responses Quick Gmail Trick: Pre-Write Email Messages with Canned Responses * Quick Tech Trick: Use Your iPhone as a Flashlight Quick Tech Trick: Use Your iPhone as a Flashlight * Quick Tech Trick: Search a Specific Site with Google Quick Tech Trick: Search a Specific Site with Google * Home * U.S. * Politics * World * Business * Tech * Health * Science * Entertainment * Newsfeed * Living * Ideas * Parents * Sports * History * The TIME Vault * Magazine * Subscribe * Give a Gift * TIME Shop * Newsletters * Customer Service * Site Map * Privacy Policy * Your California Privacy Rights * Terms of Use * Advertising * Ad Choices Ad Choices © 2016 Time Inc. All rights reserved.