A Case Against CISPA and for the Internet

Civil Liberties Internet Freedom Latest News Liberty News Media

Chicago April 18, 2013 – The story to come out of Boston is still in flux, and we are only now putting together the pieces of what happened in the aftermath of that terrible event. It will take much longer to piece together what preceded it. But we now know that within several hours of the attack, law enforcement had named a “person of interest” (an amorphous word that allows media and law enforcement alike to get around calling someone a “suspect” when there is a dearth of evidence against him): a 20-year-old Saudi Arabian student who was here on a student visa. Lest anyone think he was merely profiled for being Saudi Arabian, he was behaving suspiciously, according to witnesses: when the bomb went off, he ran away from it. It did not take long to clear him of any wrongdoing. But first, law enforcement had to ransack his apartment in Revere, Mass., and interrogate his roommate for several hours.

Within 48 hours of the Boston Marathon bombing, two other communities of laymen were conducting their own investigations. The first, Reddit.com, produced 14 threads (each with thousands of comments) over the course of two days. Many of those threads were dedicated to disseminating information about the bombing, and about relief efforts. But some of the comments were directed towards aggregating information, any information, that would become useful in identifying the perpetrator. Soon, the site was inundated with videos and photographs of the scene in the lead-up to the bombing, and in the moments thereafter. When law enforcement revealed that the bomb was likely transported in a black backpack, with silver reflective strips, the pictures were combed for information, in a project dubbed “Where’s Waldo?” by reddit moderators.

The other source was 4chan.  Some of the more impressive sleuthing took place on the 4chan message board, where posters aggregated photos and videos alike, and contrasted the vague descriptions given by the FBI with the multitudes of pictures it had managed to put together.  Without reddit.com’s moderators, who were understandably worried about posters identifying the wrong peoplem posters on 4chan were able to hypothesize to their heart’s content.

If you don’t know about reddit.com, the popular Internet message board, it is likely that you don’t own a computer. But what is 4chan? It began as an image-sharing message board, and has grown into one of the most trafficked sites on the web. Its rudimentary layout and simplistic programming makes it appear like something out of the dark old days of the 1990s. But the salient feature of 4chan is its anonymity: posters are given a random alias that does not follow them from thread to thread. That means that there is no karma. An offensive post in one thread does not follow you to another thread. And when a thread becomes unpopular, or reaches the limit of poses and/or images, it fades into oblivion. 4chan has no archive.

The anonymity feature has allowed some of the more depraved and disgusting sentiments humanity has to offer to be posted openly, particularly on its most popular message board, /b/. Words like “nigger” and “faggot” are terms of endearment. But the anonymity has also allowed posters to achieve true creativity, and periodically to do amazing things. Today, we may be adding a new accolade to the growing list.

4chan is also one of the likely targets of CISPA, a bill that has just passed the House, and is being taken up with alarming urgency by the US Senate.
CISPA, the Cyber Intelligence Sharing and Protection Act (H.R. 624) was brought to the House floor earlier today and passed.   It is very important for Americans to know what CISPA means.  In essence CISPA allows companies to share an individual’s private information with other companies and with the government and military, without warning the individual ostensibly for national security interests.  It in unclear that this personal information was ever called for or deemed necessary for cybersecurity.  There is no denying that cybersecurity is an important concern. The Chinese military is believed to regularly hack American organizations. Millions of attempts are made every single day to hack into the computer systems that control our nuclear weapons systems. As control of our power grids, and entire financial system became computerized, cybersecurity ceased to become comparable to the ideological or existential threats that consume Neoconservatives. Cybersecurity is a very real and paramount national security interest that directly affects all Americans.

CISPA was introduced as an amendment to the National Security Act of 1947, which does not mention cybersecurity. Its purpose is to make all internet activity transparent to the government. Websites would no longer be able to guarantee any modicum of privacy, because government agencies would be allowed, under CISPA, to monitor any internet activity that falls into several vague categories, and share that information with any other law enforcement agencies. While we need to address cybersecurity and bolster our cybersecurity against a growing number of enemies around the world, we need to do so in a manner that does not destroy individual privacy and keeps the Internet free. CISPA is not the way to do it. Had Congress sought a real and open dialogue on CISPA, they might have come up with a measure that makes sense. Knowing that the outcry would be very great, they have attempted to pass CISPA quietly. In that effort, they have failed.
There are several problems with CISPA, among them being the fact that there is no limit or restriction on what happens to the information that is shared about you. Information is only supposed to be used for “cybersecurity” purposes, which can include:

(i) threats to the United States, its people, property, or interests;
(ii) the development, proliferation, or use of weapons of mass destruction; or
(iii) any other matter bearing on United States national or homeland security.

But what does that mean? The problem is that the government has had a bit of a roving definition of terrorism. Just remember that the Department of Homeland Security considers a likely terrorist people who are, “reverent of individual liberty…suspicious of centralized federal authority or anti-government,” including people who are “extremely liberal” or “extremely conservative.”

What does any of that mean? It means what any law enforcement official might think it means. And law enforcement officials have a tendency to interpret these kinds of things very broadly.

Information given to one agency looking for something can be passed on to any number of other agencies. Data mined from your internet activity can then be used against you. Another problem with CISPA is that if a company ever misuses information about you, there is likely nothing you can do. But, why would any company want to hurt you? The answer to that is simple: CISPA is likely to be implemented, in part, by government-contracted private cybersecurity firms. Remember how they neglected to tell us that many of the lobbyists for enhanced x-ray screening at airports were being paid by companies that stood to make millions of dollars off of selling their machines to the US government? There’s something similar that they’ve neglected to mention about CISPA. For example, Rep. Mike Rogers, who claimed that the only opposition to CISPA came from “14-year olds in their basement,” is married to the former CEO of a “security defense contractor” that is hoping to secure a $10 billion contract with the State department. Now there’s a company that might benefit from CISPA!

What is most concerning is that the definition of “cybersecurity” within CISPA is not adequately defined. Does it include networks alone; or can it include software, or even a standalone computer? The impossibly vague definition found in the Computer Fraud and Abuse Act tells us, once again, that this amazing government power grab has not been tempered by almost any check and balance.

Representative Justin Amash proposed two amendments to CISPA in an attempt to make companies honor terms of use agreements and contracts that consumers had signed with them promising that they will not share a consumer’s private information with third parties. Rep. Amash’s amendments to CISPA also stated that personal information like tax returns, medical, financial, firearms sales records, educational information and other personally identifiable could not be shared by companies with the federal government. His Amendments were rejected. Does that not tell us anything we might need to know about Congress’s intentions here?

CISPA has powerful supporters including many of the largest corporations in America from Boeing, IBM, AT&T, Oracle, Microsoft, Intel, Exelon, Motorola and Time Warner to the American Bankers Association (although, it appears Microsoft has withdrawn its support, based likely on internet chatter from CISPA opponents). It has been pointed out that one of the reasons CISPA has received so much support from these tech giants could be that CISPA allows tech companies to use CISPA to retaliate against hackers and perceived hackers. The opponents of CISPA, on the other hand, like the opponents of the Stop Online Privacy Act, are decidedly more grassroots and less well-heeled. The opponents of CISPA are Reddit, Mozilla, the American Association of Law Libraries, ACLU, and the Association of Research Libraries, among thirty others. If money decides the outcome of the vote on the CISPA, it will be uncontested.

But money does not necessarily control the outcome of CISPA, due, in part, to Internet media like reddit.  Opponents of CISPA picked up a powerful ally in President Obama.  President Obama, in response to thousands of online petitioners, protests from social media users and a letter sent by the American Civil Liberties Union and thirty three other groups, issued a statement that he would veto the current version of CISPA unless it was amended to protect the privacy interests of American citizens. We commend President Obama for taking a stand on this issue because CISPA, in its current iteration, will dispense with any expectation of privacy you may have online.

CISPA is an end-run around the Constitution. It takes advantage of a dated concept of privacy. A man’s home is no longer his castle. He may be sitting in his home when he browses the internet, but his activities are being logged by servers, and, incidentally, by our internet service providers. Until recently, we assumed that our activity, though logged, would not be randomly perused by law enforcement. CISPA renders that assumption false. It nearly guarantees that everything we do on internet-accessible computers can and will be monitored for “red flags” by a government that has been famously terrible at profiling potential perpetrators. Just ask the 20-year old Saudi student who is currently recovering from the injuries he received in the Boston Marathon bombing. Just ask his roommate.
Today, the internet is a powerful tool that has been, and will continue to be, used to disseminate and aggregate information. It is a place where unbridled creativity can flourish. Part of what makes the Internet such an exciting and useful frontier is the promise of privacy, and a modicum of anonymity. That anonymity may have been partially responsible for solving the Boston Marathon bombing. According to CISPA proponents, the only people who oppose CISPA are 14-year olds sitting in their basements. Congratulations, in that case, to the FBI that may have relied on the library of photos assembled by 14-year olds sitting in their basements to solve one of the most public crimes to ever occur on US soil.

A free press has historically been an indispensable safeguard of liberty. Today, most of the mainstream media is controlled by a handful of corporate interests. The decision to air a story is as powerful as the decision not to. The way a story is cast and the way the facts are presented and what facts are left out allows media outlet owners to control their message and this power being aggregated in a few hands is disturbing. There is bias on both the Left and the Right.  The Internet by contrast has brought stories that were largely ignored by the media to the forefront. In the digital age, it is the Internet and not the mainstream media that spreads information from all corners of the world and unites and informs people. The greater defender of freedom is no longer the press, it is the Internet.  All the more reason, CISPA in its current iteration, must not pass.

 IMG_1241R. Tamara de Silva is a litigator specializing in Constitutional law in the federal courts. Ms. de Silva is also a professional securities trader. She writes a blog about the law, the financial markets and politics, which can be found atwww.timelyobjections.com.

Jonathan Lubin is a civil litigator in Chicago, Illinois, concentrating in Constitutional law and civil rights. Jonathan has studied at Brandeis jonathanlubinUniversity, the Rabbinical College of America in Morristown, NJ, and at the Chicago-Kent College of Law. He writes about politics, the law, and current events, at ReasonableInference.blogspot.com.