The Cyber Intelligence Sharing and Protection Act (CISPA) hasn’t received a whole lot of media attention yet, but it continues to pick up support from legislators.
The bill is touted as being much worse than SOPA when it comes to privacy invasions.
Just as SOPA put an emphasis on piracy, CISPA also appears to include the infringement of intellectual property as a security threat warranting access to user data. The definition of “theft or misappropriation of private or government information” is given four times throughout the bill H.R. 3523.
Under CISPA, Internet providers and other companies could be expected to hand user data over to government agencies and even other companies upon request.
According to the Electronic Frontier Foundation (EFF), it “would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a ‘cybersecurity’ exemption to all existing laws.”
The EFF is concerned that, due to the vague language used in the bill, “a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats.”
And is it really needed in the first place?
Acquiring user data would merely be a reaction to whatever security breach may have already taken place. Without being a security expert, it raises major privacy concerns for this writer. As someone who regularly relies on many popular online services, it is disheartening to think that a bill is being introduced which would create such potential horror scenarios by so readily offering up access to user data.
A good social engineer (con man) would have a field day gaining access to user data with a simple phone call by posing as this or that government agency/corporate entity. It happens all the time at present.
It will be interesting to hear from security experts as to whether CISPA would actually provide any additional security or if it’s only creating a nightmarish internet environment wrought with much worse security vulnerabilities then we are faced with today.