CISPA is complicated, so we wanted to simplify it and share the big points. We hope this explains what CISPA is and how it could impact you.
What is CISPA?
CISPA, which stands for “Cyber Intelligence Sharing and Protection Act,” is a controversial new cybersecurity bill that would allow the government and corporations to more easily swap private information to protect against cyberattacks and for various security purposes. Although security is undoubtedly important, critics–including the White House–argue that CISPA allows excessive government surveillance at the expense of personal privacy.
What’s the 1-sentence summary of CISPA?
If CISPA becomes law, private companies such as Facebook and Google could more easily share your personal data with the government.
Here’s one example of how this could come into play in your own life: the government thinks you might have used a copyrighted Beatles song in the cat video you put on YouTube. Under CISPA, that could be enough for them to label you a “cyber threat” and compel Google to hand over your info, which–depending on your Google usage–could contain every search you’ve ever run, every video you’ve watched, every Gmail you’ve sent or received, every place you’ve looked up on Google maps…you get the picture.
Breaking down CISPA: 7 key things to know
Key thing 1: Constitutional rights are good
The right to a trial, freedom of speech, protection from unreasonable searches and seizures…we can agree that these things are good, yes? The Constitution guarantees many of the rights that are important to us as Americans. The Supreme Court has inferred that other fundamental rights–like privacy–still exist, even though they weren’t directly mentioned in the Constitution.
Key thing 2: The Constitution only applies to government actors
You can only assert your Constitutional rights against the government, not private companies. That’s why it’s not okay for the State of Massachusetts to kick protestors out of a public park, but it is okay for a store in the mall to do the same: the store isn’t a government actor. To sum up, “government actors” = any employee of any government branch, whether state or federal. “Private actors” = everyone else.
Key thing 3: Private actors can do things that would be unconstitutional if the government did them
The Constitution limits what the government can do legally, but these same limitations don’t apply to private actors. If the government wants your information, it usually has to provide a good reason why. That’s not the case with private actors.
For example, the government can’t simply open your mail without a warrant supported by probable cause (a pretty good reason that a judge signs off on), whereas Facebook permanently stores and has access to all the messages in your inbox, and this is perfectly legal. And although a government hiring manager couldn’t outright ask you what your sexual orientation is in a job interview, he could easily find it on Facebook. Another scenario to illustrate this difference is that Hooters can (and does) hire only busty young women, whereas your local DMV couldn’t do the same.
Key thing 4: Most of us share a lot of our information with companies
Many of us are happy to share our lives on Facebook, Google, Pinterest, and other sites. We think that our data will be shared with our friends and networks, the company we signed up with, and perhaps a few advertisers. We let companies into our worlds because we get something in return. With Google, we let the company know what interests us and what we’re thinking about through our searches in exchange for the search results we want. Most people don’t expect that this information will be shared with the government.
Key thing 5: Companies already share an unexpectedly large amount of our information with the government
Consider this: in the 6-month period between June and January 2011, the U.S. government asked Google for data on 5,950 people through 11,057 different requests. Google handed at least some the data over in 93% of cases.
Key thing 6: CISPA will break down the wall between private companies and the government
CISPA will give the government the ability to get information that it couldn’t get constitutionally today. It makes it easier for companies to give the government your information if there’s any reason to suspect cyber crime or intellectual property theft. The term “cybersecurity” isn’t even defined in the bill, and privacy advocates like us worry about the vagueness of the language in the bill. As written, there is a wide net of what could be “suspected” of being a threat to “cybersecurity.”
Many of the big companies and websites you use every day support CISPA: Facebook, Microsoft, Verizon, and IBM are just a few on the list.
Key thing 7: Speak up if you oppose CISPA
Legislators are voting this week on whether to pass CISPA, which means that now’s the time to take action. The Electronic Freedom Foundation has a fantastic site with everything you need to tweet (use the hashtag #CISPA) and Facebook about CISPA, as well as very easily get in touch with your congressperson (we’re talking 1 or 2 clicks easy). The most important thing is to be heard, so if you have an opinion, speak up.
We often hear people say things like “I have nothing to hide, so why should I care about online privacy?” Here’s why: privacy is not about what you don’t have (like skeletons in the closet or evil intentions), but what you do have: opinions, relationships, hobbies, favorite things, religious views, and everything that makes you the person you are. If everything you do is being watched, you probably won’t be as comfortable doing these things. Given what you now know about CISPA, consider whether it might affect you and your family.
If CISPA worries you, we encourage you to speak up today before the vote takes place.