Copyright Disclaimer Under Section 107 of the Copyright Act 1976?Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use. Unless you are in this field of investigative journalism, especially covering extremely sensitive subjects and potentially dangerous subjects as well, you simply cannot understand the complexities and difficulties involved with this work that I face every day.
Sunday, April 21, 2013
CISPA passes U.S. House: Death of the Fourth Amendment?
Summary: The controversial
cybersecurity Bill has passed the U.S. House and is now on its way to
the Senate chamber. Privacy groups believe this tramples on the Fourth
Amendment.
The controversial Cyber Intelligence Sharing and Protection Act
(CISPA) just passed the U.S. House, and will now head to the upper
Senate chamber for further deliberation.
Rinse and repeat. This isn't the first time that this has happened, but it still poses a major threat to Fourth Amendment rights, according to civil liberties campaigners. CISPA's
passing will lead to a second round of debate and amendments in the
U.S. Senate, which a year ago the same Bill stalled in favor of the
upper house's own draft cybersecurity legislation. (Image: CNET)
The Bill was passed 288-127 in favor of the Bill after two days of
debate and discussion on the House floor. Only 18 members of the House
abstained from the vote.
CISPA will allow private sector firms to search personal and sensitive user data
of ordinary U.S. residents to identify "threat information," which can
then be shared with other opt-in firms and the U.S. government — without
the need for a court-ordered warrant.
This means a company like Facebook, Twitter, Google, or any other
technology or telecoms company, including your cell service provider,
would be legally able to hand over vast amounts of data to the U.S.
government and its law enforcement — for whatever purpose it deems
necessary — and face no legal reprisals.
And despite numerous amendments and changes, there are no
requirements that personal data, such as health records or banking
information, should be anonymized before sharing it with the government.
It's hoped that the data can be used in real time to stop
cyberattacks in their tracks, or even trace back to the source of the
attack. Because cyberattacks nowadays as weapons in the virtual battlefield could lead to all-out war.
The Bill will also amend the National Security Act
to allow U.S. intelligence services to hand over classified information
to entities and people that do not have security clearance. The idea is
that this will be used in order to help companies fight back against
and prevent cyberattacks on their systems in the future.
A great deal of controversy has stirred around this Bill. Having amendments passed in a veil of secrecy did not help matters, either.
To make things even more complicated, a new amendment, voted down by lawmakers on Wednesday in the U.S. House,
would have allowed U.S. companies to keep their privacy policies intact
and their promises valid, including terms of service, legally
enforceable in the future.
It means that the many who signed up to such services under terms
that promised their data would not be shared with anyone — unless a
subpoena or court order was served — would no longer have such rights
going forward.
Though it would have weakened CISPA's overall weight, now it gives
additional legal immunity to companies sharing their customer data. Rep.
Jared Polis (D-CO), in speaking to ZDNet's sister site CNET, said that such firms are "completely exonerated from any risk of liability."
Hello Fourth Amendment, goodbye Fourth Amendment
The key provision of CISPA is that it allows government entities to
acquire your data without a warrant, should a private company holding
your data hand it over.
The Fourth Amendment of the U.S. Constitution states:
The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no warrants shall issue, but upon probable
cause, supported by oath or affirmation, and particularly describing the
place to be searched, and the persons or things to be seized.
"Upon probable cause." That means the U.S. government has to seek out
data based on evidence and intelligence. But while the U.S. government
and its law enforcement agencies, intelligence services, and more than 600 agencies that can use your data cannot force a company to hand over data, it doesn't mean your data is safe.
The Fourth Amendment does not protect private companies from
accessing and data mining your information for its own gain. It only
protects against the U.S. government unlawfully accessing your data
without a search warrant.
CISPA bridges a gap between the private firms that can access your
data for nefarious purposes — they would likely never do this — to the
U.S. government.
U.S. firms voluntarily handing data along the one-way street to the
U.S. government effectively means the Fourth Amendment doesn't have to
apply; it's not snooping if it was handed to the government under
"cybersecurity" grounds.
By this point, the U.S. government can do just about anything it
likes with your data once it's in its hands, in spite of the Fourth
Amendment and notwithstanding lacking a search warrant. The kicker is
that this is allowed as long as it's lawful and pertains to
"cybersecurity purposes," rather than "national security" purposes. But
because the language in CISPA is so ill defined, it could be used for
many more reasons than were initially considered.
According to privacy and civil liberties group the Electronic Frontier Foundation
(EFF), even though the data was passed to the government for reasons
pertaining only to "cybersecurity," it can then be used to investigate
other crime, not limited to cybersecurity crime, such as the "criminal
exploitation of minor, protecting individuals from death or serious
physical injury, or protecting the national security of the United
States."
But it all flows through the U.S. Department of Justice, first and
foremost, which can then be disseminated throughout government and its
agencies, onto the FBI, the National Security Agency (NSA), Immigration
and Customs, and so on. Even the U.S. Department of Agriculture can take
on your data and use it against you, should you be fishing without a
license.
And because this is done behind the scenes and private companies do
not have to tell you that they've handed your data to the government,
you may never know about it. And private firms are exempt from Freedom
of Information (FOI) requests, with such provisions disallowed under
CISPA.
The EFF said on its site:
As it stands, CISPA is dangerously vague, and should not
allow for any expansion of government powers through a series of poorly
worded definitions. If the drafters intend to give new powers to the
government's already extensive capacity to examine your private
information, they should propose clear and specific language so we can
have a real debate.
The American Civil Liberties Union (ACLU) has called CISPA "fatally flawed."
"The core problem is that CISPA allows too much sensitive information
to be shared with too many people in the first place, including the
National Security Agency," the privacy group said. In a statement today,
it went further, calling the Bill "extreme."
CISPA is an extreme proposal that allows companies that
hold our very sensitive information to share it with any company or
government entity they choose, even directly with military agencies like
the NSA, without first stripping out personally identifiable
information.
Exactly how this goes forward in the Senate remains unclear.
Many civil liberties campaigners are hoping for similar action based
on last year's events, when the upper house chamber shelved the Bill as
it sought to develop its own cybersecurity legislation.
CISPA will likely face yet another roadblock when it reaches President Obama's desk. This week, the White House threw its weight behind a threat that would see CISPA vetoed by President Obama should it pass through Congress unimpeded.
It repeats a similar sentiment by the Obama administration last year,
when CISPA reached as far as passing the House but failed in the upper
Senate chamber.
In a letter, the White House said: "The administration still seeks
additional improvements, and if the Bill, as currently crafted, were
presented to the president, his senior advisors would recommend that he
veto the Bill."
Under CISPA, Google, Facebook, Twitter, Microsoft, others can't promise to protect your privacy
No comments:
Post a Comment