A Challenge To Facebook: Withdraw CISPA Support Until The Bill Is Fixed Or Replaced

from the get-off-the-fence dept

One of the more concerning aspects of CISPA that sets it apart from SOPA/PIPA is the number of technology companies that support it. Of chief concern is Facebook, which handles a lot of sensitive private data, but is standing behind the bill. Joel Kaplan, Facebook's VP of U.S. Public Policy, has now released a statement explaining their support, which basically amounts to "we promise not to abuse the gray areas in the bill".

A number of bills being considered by Congress, including the Cyber Intelligence Sharing and Protection Act (HR 3523), would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensure that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today.

That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place -- the additional information it would provide us about specific cyber threats to our systems and users.

Kaplan then goes on to say that Facebook is engaging lawmakers to see about amending the bill to address people's concerns. But that creates a pretty big question: why are they still supporting the bill if they recognize its problems? Based on this statement, Facebook wants to use cybersecurity laws the right way—to give and receive anonymized and minimized data about specific threats, to be used solely in relation to those and similar threats. But CISPA does not require any of that. It's nice that Facebook is "able to" protect private information, but why aren't they and all other companies forced to? If the authors of the bill want to tout its "strong privacy protections", then a requirement to eliminate personal user information from shared data seems like a necessity.

Moreover, while Facebook may only be worried about specific cyber-threats, they can't control what the government does with the information. As currently written, CISPA basically allows the feds to keep whatever data Facebook shares on file, and search it whenever they want, for anything they want, as long as there is a "cybersecurity" or "national security" purpose. And "cybersecurity" is very broadly described, and includes things like intellectual property. If this bill is supposed to be about protecting networks from disruptive attacks, why aren't the terms and limitations narrowly defined to ensure that's the only thing it can be used for?

If Facebook's cybersecurity motivations are good—and I'm willing to grant them the benefit of the doubt and assume that they are—then they should withdraw their support of CISPA until it is fixed to exclude the broad provisions that go well beyond what Facebook wants to use it for. If the company is so proud of its commitment to user privacy, then surely it has to acknowledge that there are other companies which are not so responsible, and which will abuse the same powers and immunities that Facebook promises to handle responsibly. Unless they can show us that they are making meaningful demands of Congress, this attempt to soften their support of CISPA is just hot air.

Filed Under: abuse, cispa, cybersecurity, pipa, privacy, sopa
Companies: facebook

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    [citation needed or GTFO], 14 Apr 2012 @ 4:54pm

    Re: Re: Re:

    When Marcus (Leigh) writes uninformed, one sided posts that gloss over reality, he gets called out.

    Identify yourself as "Monkey's Advocate" instead of taking the slacker route and defaulting to "Anonymous Coward" then.

    So far all you've been proving is that you have an obsession with using Ad Hominems on EVERY article Leigh posts.

    You have to remember that you are dealing with a young, untalented boy from Canada, thinking he can wag the dog of American politics.

    What does that make you? Identify yourself. At least Bob and Darryl willingly have pseudonyms.

    He's got a puffed up ego and a desire to impress, and his posts are generally lacking.

    At least he has credentials (or in your view, lack of). What makes your comments any more credible?

    I call him out because of the puffery.

    Unless you have something besides Anecdotal Evidence to back your claims up:

    [citation needed or GTFO]

    It is a debate of the subject, because when you start out debating a weak story, all you get is weak debate.

    Weak debates that you take upon yourself to start with "MarcusMarcusMarcusIHeartMarcusMarcusMarcus..."

    Time to ask Mike to remove Marcus from the posting roster, and replace him with someone more intelligent - say like a monkey.

    So you're a monkey?

    Everything makes sense now!

    You obviously have some talent to write up long-winded posts. Why not use that to be productive and submit your own articles? You don't have to be part of us "TechDirt freetards" to do so. :)

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.