A Challenge To Facebook: Withdraw CISPA Support Until The Bill Is Fixed Or Replaced

from the get-off-the-fence dept

One of the more concerning aspects of CISPA that sets it apart from SOPA/PIPA is the number of technology companies that support it. Of chief concern is Facebook, which handles a lot of sensitive private data, but is standing behind the bill. Joel Kaplan, Facebook's VP of U.S. Public Policy, has now released a statement explaining their support, which basically amounts to "we promise not to abuse the gray areas in the bill".

A number of bills being considered by Congress, including the Cyber Intelligence Sharing and Protection Act (HR 3523), would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensure that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today.

That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place -- the additional information it would provide us about specific cyber threats to our systems and users.

Kaplan then goes on to say that Facebook is engaging lawmakers to see about amending the bill to address people's concerns. But that creates a pretty big question: why are they still supporting the bill if they recognize its problems? Based on this statement, Facebook wants to use cybersecurity laws the right way—to give and receive anonymized and minimized data about specific threats, to be used solely in relation to those and similar threats. But CISPA does not require any of that. It's nice that Facebook is "able to" protect private information, but why aren't they and all other companies forced to? If the authors of the bill want to tout its "strong privacy protections", then a requirement to eliminate personal user information from shared data seems like a necessity.

Moreover, while Facebook may only be worried about specific cyber-threats, they can't control what the government does with the information. As currently written, CISPA basically allows the feds to keep whatever data Facebook shares on file, and search it whenever they want, for anything they want, as long as there is a "cybersecurity" or "national security" purpose. And "cybersecurity" is very broadly described, and includes things like intellectual property. If this bill is supposed to be about protecting networks from disruptive attacks, why aren't the terms and limitations narrowly defined to ensure that's the only thing it can be used for?

If Facebook's cybersecurity motivations are good—and I'm willing to grant them the benefit of the doubt and assume that they are—then they should withdraw their support of CISPA until it is fixed to exclude the broad provisions that go well beyond what Facebook wants to use it for. If the company is so proud of its commitment to user privacy, then surely it has to acknowledge that there are other companies which are not so responsible, and which will abuse the same powers and immunities that Facebook promises to handle responsibly. Unless they can show us that they are making meaningful demands of Congress, this attempt to soften their support of CISPA is just hot air.

Filed Under: abuse, cispa, cybersecurity, pipa, privacy, sopa
Companies: facebook


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 16 Apr 2012 @ 6:17am

    Re: Re: Re: Re: Re: Re:

    And I need grammar classes. "you need to have a look in the mirror" is what I meant.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.