robert_cringely
Columnist

CISPA’s second serving is even worse than the first

analysis
Mar 25, 2013 | 4 mins

Congress is again considering the controversial cyber security bill, which remains just as hungry for your private information

Last year, Netizens concerned about their personal privacy managed to drive a stake through the heart of PIPA and hold SOPA’s head under the bathwater until the bubbles stopped coming. They even managed to fight off the Cyber Intelligence Sharing and Protection Act. But like one of the undead, CISPA is rising again to terrorize us all.

Theoretically at least, CISPA is supposed to make it easier to defend our little corner of the InterWebs — and everything that depends on it, from banking systems to utility companies — from cyber attacks. It’s hard to argue with that. But everything else CISPA could allow has moved the villagers at the Internet Defense League and their friends to break out the torches and pitchforks.

Over at Wired, DoD security consultant Chris Finan argues legislation that makes it easier for law enforcement and private firms to work together to protect our cyber infrastructure is a good thing. However, CISPA as it currently stands isn’t it.

The problem? CISPA negates existing privacy laws, holds private corporations exempt from prosecution for abusing or mishandling our personal information, and allows them to share our data with a wide range of federal agencies, most of which have nothing to do with cyber security. Aside from that, it’s just peachy.

The EFF has a list of some 600 federal agencies that could request your data under CISPA. It includes all the usual suspects (FBI, DHS, and so on), as well as truly obscure ones, like the Office of the Second Children, National Cemetery Administration, and the National ICE Center — because the safety of our nation depends on the vice president’s children, dead people, and ice skaters having access to your data.

(Yes, I know “ICE” stands for “Immigration and Customs Enforcement.” It’s a rule here in Cringeville: Never let the facts get in the way of a stupid joke.)

CISPA can be fixed, Finan argues, by limiting the kind of information that is shared and who gets to see it. The question is, does anyone in Washington really want to fix it? Or is this kind of corporations-gone-wild information sharing the real point of the bill?

We’ve seen this before. The PATRIOT Act was supposed to be all about keeping us safe from terrorists — that was the sales pitch. As it turns out, it was too tempting to use the same Fourth Amendment-bypassing provisions to chase run-of-the-mill drug lords and money launderers (unless they were also large multinational banks, in which case they got a free pass).

One of the most controversial aspects of that act was to make it easier to force private companies to turn over business records of their customers when requested via a National Security Letter; these companies were forbidden from notifying the customer or anyone else about the NSL. Last week, nearly 12 years after the PATRIOT Act became law and more than 100,000 NSLs had been issued, a federal judge declared those NSLs unconstitutional.

Now we have CISPA, which is kind of an NSL in reverse. It allows private companies to share your business records with the government, pretty much whenever they feel a sudden cyber attack panic coming on.

As usual, it’s interesting to follow the money in this case. According to political funding watchdog MapLight, the groups supporting CISPA (companies like AT&T, IBM, and Comcast) gave $55 million to members of Congress — or 13 times more than the groups opposing it, such as the ACLU and EFF. Chief CISPA sponsor Mike Rogers (R-Michigan) liked that MapLight factoid so much he or one of his staffers retweeted it last week, then thought better of it and quickly deleted the tweet. Pay no attention to the man behind the curtain or the companies behind this bill.

My question: What are these deep-pocketed organizations getting for their money? A safer Internet? Maybe. Or perhaps a free pass from the responsibility to safeguard our data, along with the freedom to do whatever the hell they want with it.

Where do you stand on CISPA? Make your arguments below or harangue me via email: cringe@infoworld.com.

This article, “CISPA’s second serving is even worse than the first,” was originally published at InfoWorld.com.