North Korean hackers and the Boston bombings might not appear to have much in common.
But not according to some American lawmakers, who are using both to justify passing a controversial cybersecurity bill that civil liberties advocates claim “undermines the privacy of millions of Internet users.”
Yesterday, the Cyber Intelligence Sharing and Protection Act, or CISPA, was approved by the House of Representatives by a vote of 288 to 127. The law was first introduced in 2011 and approved last year by the House, though it died in the Senate after an outpouring of opposition from privacy and civil liberties groups. But it has been resurrected and is heading to the Senate for the second time. Predictably, the storm of criticism has also reappeared. Rights groups have consistently raised concerns over how CISPA would allow corporations to pass unanonymized user data to federal government agencies for vaguely defined “cybersecurity” purposes—and be covered by full legal indemnity when doing so.
The ACLU has described CISPA as an “extreme proposal” that “forges new ground.” The Electronic Frontier Foundation says it “would provide a gaping exception to bedrock privacy law.” And even the White House has criticized the bill, earlier this week threatening to veto it unless it is amended to include better privacy and civil liberties safeguards.
But yesterday, when the House was debating the contentious bill, CISPA advocates didn’t seem to be paying attention to any of those issues. Rep. Mike McCaul, R-Texas, cited the Boston bombings while arguing for CISPA to be adopted. “In the case of Boston, they were real bombs,” McCaul said, adding that we also need to arm ourselves against “digital bombs. These bombs are on their way.” Similarly apocalyptic statements were made by Rep. Candice Miller, R-Mich., who made no mention of Boston, though argued that CISPA was needed to stop hackers in countries like Iran and North Korea from crippling American infrastructure and causing the destruction of American jobs. Rep. Dan Maffei, D-N.Y., even used the debate to take aim at WikiLeaks, bizarrely claiming CISPA was needed to stop the whistleblowing website from pursuing efforts to “hack into our nation’s power grid.”
In the aftermath of tragic events or amid heightened global tensions, it’s hardly unusual for lawmakers to make emotive appeals in pursuit of new national security powers. Public opinion in the aftermath of a distressing terror attack in particular can sway citizens in favor of handing the authorities more intrusive surveillance powers, as occurred in most Western democracies in the aftermath of 9/11 (the Patriot Act being just one example).
In the case of CISPA, however, it is tenuous in the extreme to draw sweeping links between cyberattacks and pressure-cooker bombs tearing through a Boston street, or cyberattacks and WikiLeaks, or cyberattacks and whatever else is agitating U.S. lawmakers on a given day. Exploiting every perceived threat to counter a push for greater CISPA privacy protections is brazenly cynical—and, I’d argue, ultimately doomed to fail.
800+ Companies supporting CISPA will give your details away without a warrant.
Pentagon expands cyber-attack capabilities.
A List of organizations against CISPA.
A List counting 965 Websites -so far- down in protest against #CISPA.
CISPA dox toolkit.