Yesterday, the House Intelligence Committee released proposed changes to the Cyber Intelligence Sharing and Protection Act of 2011, also known as CISPA that, according to its sponsors, represent “huge progress” towards addressing the privacy and internet freedom community’s concerns.
But, many privacy advocates, including the ACLU, and groups including the Center for Democracy and Technology, Free Press, the Electronic Frontier Foundation and the Constitution Project still maintain their opposition. The changes are so underwhelming that even the Obama administration issued a statement yesterday that their privacy concerns persist.
Here are some of the main problems with CISPA:
1. CISPA still allows companies to share lots of sensitive and private information about our internet use with the government. The proposal amended the definition of what could be shared by taking out its explicit reference to stealing “intellectual property.” But it still allows the sharing of Internet use records or the content of emails for “cybersecurity purposes” and unlike proposals drafted by Sens. Joe Lieberman and Dianne Feinstein or the Obama administration, CISPA does not require companies to even make an effort to remove information that could be tied to a specific individual.
2. CISPA still lets military agencies such as the National Security Agency directly collect the Internet records of American citizens who use the public, domestic, civilian Internet. The proposed changes state that the Department of Homeland Security should be cc’d when companies share our private details with the military and others, but this is no substitute for ensuring that a civilian agency is put in charge of collecting Americans’ information.
3. CISPA still lets the government use the private information it collects about us for any purpose it deems fit outside of regulation. For four months, the draft bill has remained the same: the government can use information collected under this broad new program for “any lawful purpose” so long as a “significant purpose” of its use is a cybersecurity or national security one. But as former federal and FISA court judge James Robertson said at a congressional briefing this week, this “significant purpose” limitation is meaningless. The Patriot Act inserted this language into our foreign intelligence surveillance laws, and since then, in Judge Robertson’s words, they’ve had a “hole you could drive a truck through.”
Hard to see the progress here.
CISPA is still expected to hit the House floor for “Cybersecurity Week” next week. You can find out more about the bills in this memo, and more importantly, help us spread the word on Twitter and write to your Member of Congress today. Let Congress know that in spite of the minor changes floated by the House Intelligence Committee, you still oppose CISPA.
- The Disturbing Privacy Dangers in CISPA (alethonews.wordpress.com)
- Worse than SOPA? CISPA to censor Web in name of cybersecurity (alethonews.wordpress.com)
- 5 Reasons the CISPA Cybersecurity Bill Should Be Tossed (techland.time.com)
- CISPA Lacks Protections for Individual Rights (usnews.com)
- Week of Action Against CISPA Begins, But Don’t Expect Web Blackouts (mashable.com)
Even after January’s landmark Supreme Court decision cast significant doubt on the government’s ability to electronically track a person’s location without a warrant, the Justice Department continues to defend this practice. On Friday, the ACLU, along with the Electronic Frontier Foundation, the Center for Democracy and Technology, and the National Association of Criminal Defense Lawyers, filed a friend-of-the-court brief in the U.S. Court of Appeals for the Fifth Circuit, arguing that the government should be required to obtain a warrant based on probable cause before seizing 60 days’ worth of location information generated by an individual’s cell phone.
The appeal by the government comes after a federal district court judge in Texas held that the constitution does indeed require a warrant for such information. As long as a cell phone is turned on, it automatically registers its estimated location with the nearest cell towers as frequently as every seven seconds. This means that every person who uses a cell phone is creating a vast record of personal information, from doctors’ visits to church attendance to visits to friends’ homes.
In our brief, we urge the court to hold that the Fourth Amendment requires the government to obtain a warrant and demonstrate probable cause before obtaining cell phone location data. Most people are unaware that their every movement can be tracked through their phones, and we maintain an expectation that such information will remain private. Cell phone location data, especially data collected over a prolonged period of time, is simply too sensitive to allow the government access without proving to a judge that there’s good reason to believe it will turn up evidence of a crime.
This is the first time in years that a higher court will consider the constitutionality of this issue. By refusing to appeal lower-court decisions where a judge required a warrant, the government has avoided allowing appeals courts to make a ruling.
Unfortunately, the government believes that most people know that their cell phones are generating a near-constant record of their locations and movements, and it argues that individuals cannot reasonably expect that this information will remain private.
The government is wrong. We shouldn’t have to choose between using the modern technology that society has come to rely upon and being able to expect that our private information will remain private. Instead, our brief encourages the court to recognize that when we take our cell phone to the gym or to a political rally, we certainly don’t intend for the government to be following along.