The CISPA circus: Send in the clowns

The Cyber Intelligence Sharing and Protection Act (CISPA) is halfway toward becoming law after the House passed the bill by a vote of 288 to 127 yesterday, rejecting several amendments that would have limited the amount of personal information private companies could share with Uncle Sam.

Hey, no big deal, right? In February, CISPA’s primary author Rep. Mike Rogers (R-Mich) shared his views on why CISPA is no threat to personal privacy:

We’re talking about exchanging packets of information, zeroes and ones, if you will, one hundred millions times a second. So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that.

[ For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

With such tech-savvy elected officials regulating our InterPipes, we clearly have nothing to worry about. It didn’t get any better during this week’s “debate” over the bill. Drawing an unfortunate parallel to this week’s tragic events, Rep. Mike McCaul (R-TX) proclaimed:

In the case of Boston they were real bombs, in this case they’re digital bombs. And these digital bombs are on their way.

Remember that scene in “Live Free or Die Hard” where the evil computer genius sends a virus to a hacker’s computer that actually makes the machine explode? Apparently Congressman McCaul has seen that movie too many times.

Rep. Candice Miller (R-Mich) “painted a dire picture of North Korean hackers taking down the U.S. power grid,” according to the Verge, and said Congress would be violating the Constitution if it didn’t pass CISPA. That’s it — I’m now unfriending Kim Jong-un on Facebook.

Bipartisan boneheads

It’s not just Republicans. Rep. Dan Maffei (D-New York) wants to use CISPA to battle sites like WikiLeaks, which he believes is “taking very aggressive measures to hack into” U.S. computer networks. Somehow, he has uncovered Julian Assange’s fiendish plot to take control of our nation’s supply of hair products.

How do these people get elected? We’d do better by sending chimpanzees to the polls every two years and having them randomly fill out ballots.

The bill now moves from the House to the Senate, which is a bit like going from a Keystone Kops movie to Monty Python’s Twit of the Year contest. The Senate rejected CISPA last year, but after its shameful performance this week, anything is possible. (You are of course free to disagree in the comments below, but please check your firearms at the door.)

Of course, the White House has vowed to veto the bill unless privacy protections are added, but given the Obamanistas’ track record on keeping their vows that’s hardly comforting.

Let’s be clear: More information sharing in the face of cyber attacks is a good thing. Our nation’s private and public infrastructure are both deeply intertwined and vulnerable, so it makes sense to ease restrictions on data sharing when a bank gets hacked, because the next target might be the power station down the road.

CISPA springs a leak

The problem with CISPA is that in its current form it’s still vague and ripe for abuse. It absolves corporations of being responsible for what happens to the data they’ve collected. It allows data sharing with the entire federal government, not just the parts responsible for ensuring our safety. It circumvents other laws designed to limit governmental access to private information. And it can be deployed for a wide range of perceived threats that have nothing to do with attacks on our nation’s infrastructure. In that it is very much like the Patriot Act, which was allegedly written to combat terrorists but ended up being used primarily against run-of-the-mill drug dealers, money launderers, tree-huggers, and vegetarians (yes, really).

Is North Korea a threat to our nation’s infrastructure? Possibly. WikiLeaks, not so much. But to the legislators who came up with CISPA there’s little difference.

While computer code may be binary, privacy and security are not. You don’t actually have to choose between one or the other. Data minimization is not a new concept. You can enable companies to share information with law enforcement (and visa versa) without exposing everyone’s personal information. You can craft a bill designed to enhance our ability to respond to cyber attacks without throwing in other vague threats that turn the law into an invitation for corporations and governments to throw a data party — or a fishing expedition.

It’s just harder. It requires careful thought and compromise — two things apparently in short supply in our nation’s capitol.

What’s your stand on CISPA? Climb on your soapbox below or harangue me here: cringe@infoworld.com.

This article, “The CISPA circus: Send in the clowns,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.