CISPA: More of a threat to online privacy than SOPA?

Privacy & Security Posted on April 14, 2012

CISPA: More of a threat to online privacy than SOPA?

Another day, another new piece of legislation that threatens the online privacy of web citizens around the world. Last week it was the draconian new spying powers of the UK’s CCDP act, this week it’s the turn of the US congress' to stir-up online protest with a piece of legislation that once again threatens to give government agencies new powers to spy on users. Worst of all, most of the online industry supports it.

‘Cyber security-threat’

CISPA, which stands for the Cyber Intelligence Sharing and Protection Act, is - on the face of it - a bill designed to allow the US government and private web-corporations to share information more effectively in order to better prosecute “cyber security-threats”. Here’s what co-author of the bill, Republican Mike Rogers, says CISPA is designed for.

“Every day US businesses are targeted by nation-state actors like China for cyber exploitation and theft,” argues Rogers. “This consistent and extensive cyber looting results in huge losses of valuable intellectual property, sensitive information and American jobs. The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks.”

Like the UK government’s attempts last week at blaming paedophiles for the necessity of online state spying, the US government is trying to whip its population into an irrational fear of international cyber-espionage in order curtail online freedoms. Sure, China and other entities may pose some threat to US interests in the online space. But as it did with SOPA, the US government has decided to address this problem by introducing a clumsy, ill-defined, bill that will do far more harm than good, threatening personal liberties and damaging the online ecology.

Just what is a ‘cyber-threat’?

So what powers does CISPA give the US government? The bill is mainly about information sharing, so it means ISPs and services such as Google and Facebook, will be obligated to share information about you with government agencies. The bill’s vagueness means that this information could be anything from your personal emails and Facebook messages, to your browsing history. While CISPA’s authors argue that the legislation would not directly give governments the power to block websites, the bills lack of clarity means that governments could use information shared under CISPA to block access.

All of these powers are designed to combat “cyber-security threats”. But, far from concentrating on Chinese and Iranian espionage, CISPA’s definition of ‘cyber security-threat’ is very broad indeed. The bill’s authors defines it as “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Under those definitions CISPA isn’t much different to SOPA. “Theft of…Intellectual property” covers exactly the kind of activity that SOPA used to justify shutting down entire websites because of unlicensed copyrighted material. If you wanted to be cynical about it, you could argue that CISPA is simply an attempt to hoodwink the population into accepting SOPA-like legislation under a different name.

The big difference

However, there is one key – and rather scary – difference between SOPA  and CISPA. Whereas SOPA demise was brought about through a combination of grass roots activism and strong opposition from big online entities (such as Google and Wikipedia), CISPA has the support of much of Silicon Valley - Google and Facebook both back the bill. Why would Google be anti-SOPA but pro-CISPA? Essentially because CISPA makes life easier for search engines, social networks and other web services. Under SOPA, Google would have to spend much more money policing content to ensure no copyrighted material was being pirated. But with CISPA all Google and Facebook have to do is share information about suspected “cyber-threats” with the government, then government agencies would deal with the problem, without angry copyright holders banging on the door with lawsuits.

This is why CISPA is a potentially bigger threat than SOPA. The act may not be quite as damaging , in the sense that it won’t directly force websites to shut-down, but it has the support of key internet players, which blunts the opposition’s voice. In order to defeat CISPA the public has to mobilise online and offline in order to put pressure on congress. Hacktivist groups like Anonymous have already begun their fight, social networks like Reddit are also keeping-up the pressure, and pretty much every journalist who opposed SOPA is also opposing CISPA. If you are based in the US then email your congressman today, to make your voice heard.

Privacy
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN TunnelCrack vulnerability assessment Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.
Most people don't need a commercial VPN to work from home securely Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.