Tuesday, 8 May 2012

US strongly divided over controversial intelligence law

Public opinion in the United States is hugely divided over a new law that would allow technology and manufacturing companies and the US Government to share sensitive data.

On 26 April, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), which was introduced in November 2011 and aims to fight cyberattacks and online crime. Although more than 800 US companies - including Facebook, IBM, Verizon and AT&T - support the law, CISPA is fiercely opposed by privacy groups, journalists and civil rights organisations, such as Reporters Without Borders and the Electronic Frontier Foundation. 

CISPA will “almost definitely” violate civil rights and invade privacy, said James Skyles, a Partner at Skyles Law in Mount Prospect, Illinois. He understands, however, why companies support the proposed legislation: “The economic impact of data information sharing would be a positive one.”

“Are you asking me, does the bill leave open the possibility of the government egregiously violating citizens’ civil rights? Sure, if the feds do not follow the parameters of when and what kind of information they are entitled to share”, said Aaron Kelly, of Kelly Warner in Temple, Arizona.

“CISPA goes too far for little reason", said Michelle Richardson, of the New York City-based American Civil Liberties Union. "Cybersecurity does not have to mean abdication of Americans' online privacy. The government gets expansive national security authorities, there is no going back. We encourage the Senate to let this horrible bill fade into obscurity.”

However, Cordell Carter, Vice President of the Business Roundtable, an association of chief executive officers in Washington D.C., thinks “CISPA is a very positive and important piece of legislation. This law represents the best, most flexible and effective approach to developing a more robust and responsive cybersecurity infrastructure”. Carter is convinced “improved information sharing will help protect US national security and economic interests”.

Under CISPA, which is an amendment to the National Security Act of 1947, government agencies would be permitted to share data with private businesses, and companies may share information with the government on a voluntary basis. “Whether or not [CISPA] succeeds can only be determined by whether or not the private sector takes advantage of the new freedoms”, said Skyles. “It is a horse to water issue. The law does not force anyone to do anything, it merely opens up the doors.”

Since participating businesses would enjoy full legal immunity from any legal action brought by consumers who wish their data remains private, Skyles expects “issues [will] arise as to whether or not an individual can waive certain privacy rights by clicking ‘I accept’ on an end user licensing agreement. People do this every day without even thinking about it.”

Kelly, however, remarks “most people would probably be shocked to find out how much of their information is currently being used and collected by advertisers already”, and points out that, even if the Bill is eventually signed into law, it does include a provision that gives citizens the right to sue the US Government: “It is probably going to come down to the first lawsuit. If a citizen believes their civil rights have been violated, and they decide to file a lawsuit against the feds, and win… well, that would set precedence.”    

CISPA stipulates that the responsibility for domestic cybersecurity would be handed over to the National Security Agency (NSA) in Fort Meade, Maryland, which is a serious concern for Greg Nojeim, of the Center for Democracy and Technology in San Francisco. “[CISPA] leaves two key issues unresolved, the flow of information to the super-secret NSA and the broad purposes for which that information can be used." This is also a concern for Skyles: “[CISPA] is vaguely worded, which casts doubt as to both its impact and its enforceability.”

Kelly thinks it is “concerning that tech-savvy civilians could be given access to a heck of a lot of information.” He adds: “In theory, some of these social networking companies like Facebook are going to have to start vetting employees as vigorously as the CIA. As such, let’s face it, the potential for leaks skyrockets once the government decides to share information with civilians”, which makes Kelly wonder whether CISPA “is doing more to curtail national security as opposed to strengthening it”.

US President Obama
Meanwhile, US President Barack Obama said he "strongly opposes" the law since “[CISPA] could seriously damage individuals' privacy”, adding that “any legislation should not be sacrificing the fundamental values of privacy and civil liberties”. The White House has indicated Obama may veto the Bill. However, Skyles is not impressed by Obama’s statement and calls the “veto threat largely a political one”. He explains: “The letter sent by the White House press office states that a cyber security law needs to set the correct balance between privacy issues and national security, yet they have given no suggestion as to how to strike that balance, nor have they given any indication as to what would satisfy their concerns.”

The Obama administration backs another piece of legislation, a Senate bill sponsored by Senators Joe Lieberman, an Independent, and Susan Collins (Republican), that would give the Department for Homeland Security the power to set security standards. The US Senate is expected to vote on CISPA within the next two weeks.

Aaron Kelly is convinced the discussion is far from over: “Now the law has been passed by Congress, the average Jane and John are just learning about it, so I expect to see a lot more coverage of the issue, and we’ll start to see a citizen backlash. I have yet to talk to an individual internet user who is for CISPA.”

Michiel Willems © 2012 CP Publishing Ltd. London, UK. Pictures: Digitaltrends.com / Iowarepublican.com / TheOffside.com / Stuff.co.nz