One of the key things we've seen in the pushback on CISPA is that its backers insist that people arguing against it don't really understand how the bill works, and that it does protect privacy. CISPA sponsor Rep. Mike Rogers himself took to Twitter this morning to tell the EFF
that it's misreading his bill. But, of course, as we've seen, it seems that Rogers himself is the one being misleading
when it comes to privacy. If he truly believed in privacy protections, he would have supported a variety of straightforward amendments
that made it clear how privacy could be protected. But he didn't. Instead, he clearly left it open for abuse.
One of the key points that Rogers keeps saying over and over again is that this bill is not a "surveillance" bill. Why? Because it doesn't allow the NSA or others to go in and automatically get info. But Rogers is choosing his words very carefully, such that he absolutely misrepresents how the bill can
and almost certainly will
be used. And while he and other CISPA supporters will (and have) argued that the possible
abuses of CISPA are crazy conspiracy theories that wouldn't happen in practice, we have too many examples of how the US government's intelligence infrastructure very quickly expands to make use of every single loophole
provided to them within the law -- sometimes going so far as to interpret laws in ways clearly contrary to Congressional intent, just because they can. Let's just highlight two examples:
- The FISA Amendments Act, which was passed in association with the Patriot Act, supposedly to give the NSA more powers to scoop up communications of folks involved in terrorist activity. Now, the NSA is -- by mandate -- not allowed to spy on Americans. And yet, multiple whistleblowers and hints from folks who know in Congress have made it quite clear that the NSA has interpreted the FISA Amendments Act to allow exactly that -- even as many in Congress clearly don't understand how the bill is being used.
While it's still not official, enough information has been revealed to show that the NSA interprets the requirement that its surveillance target foreign persons to mean that as long as it's looking for foreign terrorist activity, it can spy on everyone. Get that? It's a sneaky trick that many have not realized. The NSA argues -- likely with agreement from a secret court ruling -- that so long as it can claim that it is investigating a foreign threat somewhere, somehow, the prohibition on spying on Americans does not apply. There is increasing evidence that this now means that the NSA is scooping up pretty much all data it can get its hands on. While it may not be going through it in real time, it appears to believe that as long as it can make the argument that it's searching for a foreign threat, that it can delve into that treasure chest of, well, everything.
- Next: the "national security letters" (NSL) issue. While a court recently ruled these unconstitutional, this process has been widely abused by the FBI for years to get private information on people without a warrant and with a gag order on recipients. Every time it's been investigated, it's been shown that the FBI has widely abused its NSL powers. However, since there's almost no oversight, the FBI still feels free to make widespread use of the tool, which was only supposed to be used in extreme circumstances.
Along those lines, the FBI has gotten so comfortable with asking companies for data without a warrant or any formal oversight process, that it was revealed a few years ago that, rather than going through the drudge of actually processing paperwork to get private info from AT&T, some agents simply used Post-It Notes to make their requests, which AT&T readily coughed up without question.
The point, hopefully, is clear. We've never seen law enforcement show any hint of not
making use of any and all powers it has at its disposal to twist and interpret laws to allow it to get private information on people without a warrant or any real oversight. While the latest version of CISPA pays some tiny lip service to privacy, the simple fact is that, by definition, it wipes out all privacy laws
in protecting companies entirely from liability for coughing up your information.
CISPA supporters also like to claim that since CISPA is "voluntary," companies will have no reason to give up your private info. That's nice in theory. And, sure, perhaps some principled companies will resist, but we've already seen the AT&T example above. And, even more importantly, we've seen how pressure
from the US government, or even threats
of the government shaming them publicly for not "helping" have been incredibly effective in making "voluntary" action suddenly seem obligated.
The saying goes "fool me once, shame on you. Fool me twice, shame on me." We've been fooled many times by the US government insisting that certain laws won't be used to violate our privacy, when it later comes out that they were used in exactly that way. So forgive us for calling bullshit on Mike Rogers' claims that CISPA doesn't "allow" the government to spy on Americans. It absolutely does. It opens up a clear path for law enforcement and intelligence agencies (and others!) to hide behind the liability protections within the law to pressure companies to reveal whatever they want with absolutely no repercussions.
That seems like a pretty serious issue, and one that Congress and supporters of CISPA don't seem to want to admit.