During the last decade, online privacy has become an issue relevant to almost everyone. As technology evolves, anyone from your 5-year-old cousin to your 60-year-old mom is using social media sites like Facebook and Twitter to connect with people. Remember MySpace and what you and your friends said to each other in what you believed was a venue catered to youth? I know I felt, maybe falsely so, safe from the prying eyes of my technological fuddy-duddy mother, who barely knew what MySpace was or for that matter, how to start an account.
Within the last year, the U.S. House of Representatives proposed several bills to better protect and define cybersecurity. The Stop Online Piracy Act (SOPA) and the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA) spawned a storm of controversy among Internet corporations and shareholders alike. The purpose of these bills, according to an online Forbes article—“What are SOPA and PIPA and Why All The Fuss?”—was to prevent companies from sending and distributing copyrighted material. While many online corporate leaders applauded Congress for addressing the issue of piracy, they were not willing to support a bill that violated the privacy of their users.
Companies such as Google and Wikipedia banded together before Congress was scheduled to vote on SOPA and PIPA last January, blacking out their website’s content as if they had been censored by the government. As a result, the voting on SOPA and PIPA was postponed indefinitely. Though these bills have so far lacked support from Internet users, the goal to stop online piracy has not wavered.
A new bill shows promise with endorsements from major online corporations like Facebook and IBM. Congress is debating the Cybersecurity Information Sharing and Protection Act (CISPA), a bill that allows government agencies to investigate private information on people suspected of online piracy.
“The problem of online piracy is too big to ignore. American intellectual property industries provide 19 million high-paying jobs and account for more than 60 percent of U.S. exports,” said House Judiciary Committee Chairman Lamar Smith, R-Texas, in an official statement on the Committee Judiciary website against the Senate’s decision to postpone consideration of CISPA.
With so much at stake in a country facing economic crisis, the need to control online piracy is more crucial than ever, Smith said.
The House approved CISPA on April 26, 2012 with a bipartisan vote of 248–168, according to CNET news. Though this bill won a majority in the House of Representatives, not all government officials are behind it as it is currently written.
“Allowing the military and the National Security Agency to spy on Americans on American soil goes against every principle this country was founded on,” Rep. Jared Polis, D-Co., said during a marathon floor debate on April 26.
The White House office of management and budget made an official statement the day before the House voted, claiming the President would veto the bill if Congress passed it in its current form.
“The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes,” according to the statement.
Authors of CISPA Michael Rogers, R-Mich., and C. A. Dutch Ruppersberger, D-Md., defend attacks against the wording of the bill, specifying that corporations are not obligated to share information if they suspect piracy. Bills like SOPA and PIPA were also designed to crack down on domestic sites, while CISPA is designed to focus on international entities. The supporters of CISPA argue the bill focuses on foreign hackers to protect against terrorism. So if you don’t have anything to hide, you shouldn’t need to worry. Right?
The stakes are high when your personal information is being monitored. According to an article by the Electronic Frontier Foundation titled, “How The Expansive Immunity Clauses in CISPA Will Facilitate Abuse of User Privacy,” a lack of accountability on behalf of corporations leaves too much room for abuse.
“As long as companies act in ‘good faith’ and the collection is for a ‘cybersecurity purpose’—a purpose as vague as protecting or securing any network from degradation or disruption—there are no limits on what type of information can be intercepted and shared,” according to the article.
The gray area
The Fourth Amendment currently ensures that no government official can search or seize an American’s property without first obtaining a warrant. In order to obtain a warrant, officers have to provide a judge with evidence that shows probable cause that a crime has been committed. Officers then have to specify a place and time for the search to take place. Rather than going through the process of obtaining a warrant, CISPA cuts out the middle man and grants qualifying “certified entities,” i.e. Internet service providers and online corporations, freedom to share user information with the government. If CISPA allows search and seizure to take place without the government first receiving a warrant, doesn’t the bill violate the Fourth Amendment?
Ben Steckel, a recent graduate of the Interdisciplinary Center Herzilya in Israel with a master’s degree in homeland security, said in an email the Fourth Amendment does not necessarily apply in the case of online property.
“The problem with the Fourth Amendment defense is that when the Constitution was written, no one could envision private companies providing a service where citizens would have intangible property, or potentially be destructive to other’s property—such as malicious code embedded in traffic—which may be used to steal intellectual property or bank information or even just damage/destroy networks. So search and seizure of electronic traffic that travels through other’s networks is a gray area.”
As Steckel said, while technology continues to develop, what constitutes as online private property lacks definition. Who owns your Facebook account, you or Facebook CEO Mark Zuckerberg?
Support from corporations
Considering CEOs are the ones investing money into websites, some might argue that your information belongs to them, even though your private information is stored in their databases.
CISPA grants power to online CEOs to share private information at their discretion. Facebook, however, assures the public they will not exploit the power the bill grants them.
“The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about [CISPA] in the first place—the additional information it would provide us about specific cyber threats to our systems and users,” Joel Kaplan, U.S. Public Policy vice president of Facebook, said on the Facebook Washington D.C. blog.
Good intentions or not, a lack of regulation on the information companies can share is a concern to Internet users and policy makers alike. After Kaplan published the blog post, hundreds of Facebook users responded with threats to close their accounts if CISPA were to pass. But just when it seemed CISPA had the support of every Internet service provider in the country, Alexis Ohanian, CEO of Reddit.com, spoke out against CISPA and Facebook’s support of it in an interview with CNN.
“We’ve never seen a company like this before, ever. It knows things about our private lives that no one else does. And one of the big issues that a lot of us in the tech community have with Facebook of late has been their support of bills like CISPA that make it really easy for a business like Facebook to hand over very private data about us without any due process. So that’s why I’m going to be holding off.”
Where are we headed?
Regardless of whether CISPA is signed into law, Congress will inevitably continue to develop bills to address the issue of online piracy. Senator Joseph Lieberman recently proposed another bill called the Cybersecurity Act of 2012, an alternative to CISPA, that forces corporations and the government to go through routine steps before user information is shared.
The Cybersecurity Act of 2012 would require appropriate state and local governments, under the Department of Homeland Security (DHS), to conduct regular risk assessments of Internet service providers, to ensure their systems are not vulnerable to piracy. If the Internet service providers or corporations demonstrate a poor system of defense, DHS has an obligation to implement security provisions.
It is not clear if DHS would have the right to directly view user information. Whether they would have the ability to do so while surveying companies for proper security provisions is questionable.
As Steckel mentioned, however, we are in a place now where defining online property is a pressing issue. Until ambiguous interpretations of online ownership and expectations of privacy are specified, Congress will likely create equally ambiguous cybersecurity bills. SOPA and PIPA were halted because Americans raised their voices in opposition, and the same can happen again.