New Law Will Let the Feds Monitor Your Email

Posted May 2, 2012 in Internet Law by Mike Mintz

A new pending law called the Cyber Intelligence Sharing Protection Act of 2011 (CISPA) might make your email a matter of national security. The proposed legislation could include monitoring of your e-mails, filtering content and blocking access to sites.

Critics of the proposed statute argue that it would let internet service providers monitor you for possible infringement of intellectual property, which might include downloading a TV show or watching it on a site like Hulu, posting pictures on Pinterest that you don’t have rights to or giving your friends access to music, video or game files on a shared drive.  The government could even block access to websites that they deem to be infringing based solely on the content on the site, as long as they claim that it was to protect them against a cyber security threat.

Remember back when the Internet went black on January 18, 2012?

All those darkened websites and black bars over web happened when website owners took up cyber arms to protest the Stop Online Piracy Act or “SOPA” as it became popularly known. This legislation would have let the government shut down websites first and ask questions later if they suspected that any content on the site might infringe copyrights (currently there is a more thorough process that involves actual investigation and proof). 

Wide public disapproval stopped SOPA (for now), but new proposed legislation called the “Cyber Intelligence Sharing Protection Act of 2011” (CISPA) might just be SOPA in disguise. CISPA talks are heating up in Congress, and the Act already faces much of the same criticism SOPA received, but will it suffer the same fate? If not, you may just find your favorite websites shutdown or, even worse, a federal agent at your doorstep.

As proposed, CISPA is designed designed to stop the ongoing cyber threats to big companies, including IBM, AT&T and Verizon, all of whom have expressed support for it. The bill would, among other things:

  1. Allow Internet Service Providers (ISP’s) to share information with the government, and vice versa, in order to prevent cyber attacks.
  2. Grant ISP’s immunity from lawsuits if they voluntarily disclose customer information which they believe in good faith to be a security threat.  

CISPA has major privacy problems that violate Fourth Amendments privacy rights including the following:

  1. The language of the proposed statute is vague.  This allows the government and the subject company a lot of leeway in monitoring internet use and implementing measures to counter alleged cyber security threats.
  2. ISP’s and cable and telephone companies would be immune from prosecution if they shared information with the government that currently they are prohibited from doing by law. Needless to say, consumers would not be able to sue the government or the company if their privacy were invaded and if they suffered damages.
  3. The most objectionable part of the bill would give the secretive National Security Agency (NSA) authority over gathering such intelligence instead of a civilian agency such as the Department of Homeland Security.  A recently proposed amendment to the bill would put the Department of Homeland Security (DHS) in charge of gathering the cyber information, however, this amendment would not prevent the DHS from then turning over the information to the NSA.

Critics also claim that the bill does not do enough to protect users’ privacy, because there are no limits on what can be done with the personal information once obtained. Private companies would be able to share this information and there are not enough measures in place to make sure that the data is being used for the right purpose.  Another danger is that the bill does not make companies accountable for failing to protect the personal information of the general public.

Others complain that the bill gives the government too much access to private information. Because the bill does not spell out what information can be shared with the government, anything and everything about the general public’s internet access records can be disclosed, including their use history, search terms and e-mails.  This bill ignores existing laws meant to protect Internet users from witch hunts and government fishing expeditions such as the Wiretap Act and the Electronic Communications Privacy Act which requires the government to have probable cause or a judicial warrant if they want to read people’s e-mails.  Under this bill, companies could read the general public’s e-mails if they could claim some sort of cyber security purpose, however flimsy, and provide them to the government without any judicial review.

CISPA’s reach goes farther than SOPA because it seems to have a more legitimate and governmental purpose (prevent cyber threats v. lining the pockets of Hollywood fat cats). Concerned legislators are trying to work out a compromise to help save the bill from a threatened Presidential veto. Only time will tell if they will be successful.

Tagged as: , , , , , , , , , , , , , ,