On April 26, the Cyber Intelligence Sharing and Protection Act (CISPA) passed the House of Representatives by a vote of 248 to 168. CISPA seeks to grease the sharing of data about people between government and big business. CISPA states,
The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and utilities and to encourage the sharing of such intelligence. [PDF]
The bill eliminates such information barriers as the need for court orders or warrants before a company can give a customer’s personal data to the government with impunity. Under CISPA, anyone whose data is accessed or used inappropriately cannot sue, and so abuse carries no penalty. Facebook can and will provide the government with full access to users’ accounts, and in return Facebook will receive classified government information.
In theory, the data tap turns on whenever an individual is suspected of engaging in certain illegal activities. Which illegal activities are targeted? In its original form, CISPA vaguely referred to threats against “national security” or “cyber security.” A later amendment broadened the scope: for example, it allows data to be accessed and shared when it is deemed necessary to protect individuals and children.
In practice, however, if the government or a business wants to access data for any reason, it will be easy to find a pretext. CISPA de facto repeals the Fourth Amendment protections against unreasonable searches.
The difference CISPA makes
Another bill to collect personal data, you say? Nothing new about that. In 2010, it was the Combating Online Infringement and Counterfeits Act, which re-emerged in 2011 as the Protect IP Act (PIPA). This was followed by the Stop Online Privacy Act (SOPA). PIPA and SOPA encountered such vigorous opposition from civil libertarians and from the powerful tech industry that a vote on each bill was “delayed.”
CISPA is different. Unlike SOPA, the bill has the active support of most tech-industry giants, with Facebook, Microsoft, Oracle, Intel, TechNet and Symantec sending letters of support. (Google appears to be taking a “wait-and-see” approach.) Basically, this leaves only civil libertarians like the Electronic Frontier Foundation to stand in principled opposition.
EFF also expresses practical objections — for example, that CISPA is unnecessary, because valid criminal searches can already occur with an easily obtained court order. EFF also points to ominous wording in the bill: the government-business partnership will exist “notwithstanding any other provision of law.” In other words, the partnership takes priority over privacy laws and any legal agreement the business made with a user.
The tech blog Ars Technica explains, “if a company decides that your private emails, your browsing history, your health care records, or any other information would be helpful in dealing with a ‘cyber threat,’ the company can ignore laws that would otherwise limit its disclosure.” Ars Technica reminds us that CISPA “immunizes firms who share ‘cyber threat information’ from customer lawsuits.”
With the support rather than the opposition of most tech-industry giants, CISPA has been able to accomplish what its predecessors could not. It passed the House and is making its way to the Senate.
Political capitalism in action
CISPA is a blatant expression of political capitalism.
One definition of capitalism is that it is a social system based on private ownership of the means of production. When it is unregulated and rooted in solid property rights, capitalism benefits the individual who rises through hard work and merit.
But a kind of “political capitalism” occurs when government and big business align to pass and enforce laws for their mutual advantage. The advantage CISPA offers to government is obvious. And big business benefits by being able to access classified information that may help to protect trade secrets from cyber attackers. But there will be other, less obvious benefits. The government will almost certainly make concessions to cooperative businesses, such as tax breaks and exemptions to regulation. Each hand washes the other, because government and big business have become parts of the same body. CISPA further collapses the difference between the two, blurring the line that separates them.
Two of the main losers are small-business owners and private individuals. The small businessman must now compete in the marketplace against big businessmen who enjoy government favor. The individual is deprived of tax money and of his rights in order to support the agenda of political capitalism. At some point, it is no longer possible for the individual to tell which is the greater threat to his freedom and wealth — government or the big businesses that align with it.
And Greece shall lead the way?
Governments around the world are making an unprecedented push to reap and share information about the everyday life of average citizens. A situation unfolding in Greece offers an instructive picture of what governments may do with data if they become desperate for money.
On the same day CISPA passed the House, the Greek Finance Minister Filippos Sachinidis announced a new policy on TV. A headline in the Greek news source Ekathimerini reads “Greece to Seize Money from Suspected Tax Evaders’ Accounts.” No warrant, no process is necessary before the seizure — just a stated suspicion.
Perhaps the most interesting aspect of the policy, however, is how the government will determine who is a suspected tax evader. Ekathimerini explains,
Banks, insurance companies and the stock market will have to submit the full details of transactions by taxpayers. … Credit card companies will also have to submit data on transactions in Greece for cards issued not just in this country but also abroad.
The automatic-reporting requirement for all transactions applies also to a wide range of businesses, including utilities and cell-phone networks.
The Ministry of Finance will use the data to “draft a property profile for each person and compare it with the tax statement submitted.” If the property owned suggests a higher income than the taxes paid, then the person is a suspected tax evader and his bank account is fair game. The Greek government’s grab for information is a blatant grab for cash, and it includes incentives to find people guilty.
The noted financial observer “Mish” Shedlock comments,
Anyone with any common sense has already pulled all of their money out of Greek banks. However, the unthinking masses probably have not. This move will without a doubt cause more than a few to worry about accusations, true or false, and in the case of the latter, the illegal confiscation of money. Expect to see a further plunge in money kept at Greek banks. Also expect capital flight of another kind: human capital. With this kind of crackdown, anyone capable of leaving would be wise to leave Greece immediately.
Any government that seeks the means to acquire total information on average people is on the road to Greece.
Whither CISPA?
CISPA was pushed through the House by Republicans who fast-tracked it by holding the vote one day before it was scheduled. Thus, opponents (like Ron Paul) complained about being shut out of the process. CISPA is now before the less friendly Senate, which is dominated by Democrats.
If CISPA passes the Senate, the White House has hinted that President Obama will veto it, but the veto threats are weak tea. For one thing, Obama also threatened to veto the 2011 National Defense Authorization Act, which he signed without hesitation. Why? Government watchdog Josh Gerstein explains,
White House Press Secretary Jay Carney said in a statement that changes lawmakers made to the legislation to accommodate White House concerns were sufficient to avoid a veto. The statement was issued just before the House was expected to vote on the conferenced House-Senate version of the National Defense Authorization Act.
Obama used the veto threat only as a negotiating chip. Similarly, Obama stated that he would not sign CISPA in its original form; it has been amended several times since that statement.
Moreover, there was wiggle room in the threatened veto. As Politico reported,
In a bid to tamp down Democratic support for a House Republican cybersecurity bill known as CISPA — and give cover to Democrats who vote against it — the president’s top advisers said they would recommend he veto it if it came to his desk in its current form.
A suggestion from advisers is not a commitment by Obama.
If Obama does veto CISPA, then it will require a supermajority to enact the bill without presidential authorization. A supermajority is 66 percent in both the House and the Senate.
In either case — in its current passage or in overriding a veto — the fate of CISPA is in the hands of the Senate.