Fourth Amendment Protections Need Clarification in CISPA
Currently, U.S. laws prevent information sharing between the government and private industry. Because of this, companies are unable to get the help they need to prevent being attacked by these state-sponsored hackers and cyber-criminals. This also means that the government is unable to gather the information it needs to seek out, and perhaps neutralize, the attackers. In short, the U.S. is bound by its laws to the point that it is essentially defenseless against cyber-attacks.
Despite all the scary words being bandied about on the chat forums, this proposed law does not give the government free rein to go after people who share movie files or music or even those who run sites that offer copyrighted material for download. The law limits the information sharing to be related to national security and it specifically prohibits the use of the information by regulators or information sharing for any other purpose except for fighting cyber-attacks.
While there has been some concern that the government would create a quid pro quo situation in which companies would be required to turn over information so they could receive help from the intelligence community, that potential hole has been plugged by an amendment written by the bills original author.
Does this mean I think that CISPA is perfect as written? No, I dont. I think some protection against Fourth Amendment violations could be more clearly written into the bill. For example, if the government were to receive personally identifiable information thats currently protected under one of many federal laws, then it probably should require a warrant for that information to be seen or used.
In addition, there needs to be stronger language preventing the sharing of information gathered in the process of fighting cyber-warfare or cyber-crime from being shared with law enforcementunless the information being shared happens to reveal the cyber-criminal. Then the normal rules of criminal investigation procedure should be followed as if evidence of a crime were uncovered during some other government activity.
Currently, theres nothing in CISPA that specifically violates anyones civil rights, unlike the proposals in SOPA where there were clear First Amendment violations. But that doesnt mean that CISPA should protect known or discovered cyber-criminals either. But it should be clear that if such people are discovered, then it should be handled according to standard legal criminal procedures and precedents.
On the other hand, this also shouldnt mean that the legitimate interests of the U.S to protect against outside attacks should be hampered. Right now, the U.S. is effectively hamstrung when it comes to defeating cyber-attacks. That needs to be changed. So instead of mindlessly railing against the law, perhaps some constructive effort in making the law better would be good idea.