Google’s Silence for CISPA, The Cyber Intelligence Sharing and Protection Act
April 30, 2012
(Long Island, N.Y.) Google Inc., has acknowledged in a lobbying disclosure that it has been involved in efforts which are related to the Cyber Intelligence Sharing and Protection Act (CISPA) which passed by the House last week, approved by a 248-168 vote, and is now moving onto the Senate. Although a specific position on the privacy bill has not been taken, the company does admit to lobbying on the issue and will likely need to take a public side within the coming days as continued silence will only signal the equivalent of its support.
If Google’s efforts are in support of the legislation, these actions would be a significant shift in policy for the organization. An online petition run by Google against the Stop Online Piracy Act (SOPA) became widespread among Internet users early this year, prompting Internet blackouts, most notably, the one by Wikipedia. On January 18th, more than 115,000 web sites joined with Google and Wikipedia to protest SOPA and PIPA by interrupting their web services for 24 hours. Many felt that shelving the two pieces of legislation was a major victory on their behalf.
Supporters of CISPA claim they are acting within national interest to encourage the development of useful cyber security measures by sharing increased amounts of information in an open manner which could better aid private companies in protecting their networks. Governmental organizations could benefit by having a stream of data that would point out where security leaks are occurring, in a timely manner. Few have problems with these provisions, although many Internet technology experts are concerned as “the legislation goes too far and that serious problems need to be addressed”.
Opponents of the bill note that it doesn’t actually do a whole lot to increase cyber security protection - the government has always had the power to retrieve user data of suspected cyber security criminals, but they must take the time to seek out the appropriate warrants. CISPA only applies to companies voluntarily sending data to the government . Also, they believe that cyber security is ill-defined in the bill and allows the government too much leeway with how the data is used. They think that companies shouldn’t be able to share their information when they said that they wouldn’t.
Few question the fact that malicious network hackers and foreign attacks are serious threats. However, the broad language used in CISPA has caused concerns among those who feel it could be used inappropriately in order to prosecute users for certain types of breaches of which the law is and has not been created for. Other commentators have suggested that it could be used to squash legitimate protests or even create a legal framework that resembles a technology industry version of the TSA.
One of the biggest concerns raised by critics of CISPA is that it’s definitions of far too vague, and that almost anything can or could be considered a potential cyber security threat. It could encourage business entitles to readily hand over vast amounts of information indiscriminately in order to be exempt themselves from any possible lawsuits. Opponents believe that if CISPA were to become law, private companies would investigate most user communications and pass this information on to the government creating a system where there is virtually no expectation of privacy at all once logged onto the Internet. As long as these companies or Internet Service Providers (ISPs) were acting in a way that was “deemed” to be in good faith and their delivery of user information could be justified as “necessary for security reasons” they would be granted immunity against any liability.
In a statement, the American Civil Liberties Union said that it is concerned. “CISPA goes too far for little reason,” said Michelle Richardson, ACLU legislative counsel. “Cyber security does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”
The Obama administration has threatened to veto the bill. The Office of Management and Budget said the administration was “committed to increasing public-private sharing of information about cyber security threats” but said the process “must be conducted in a manner that preserves Americans’ privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace.”