As congress draws closer to weighing in on the Cyber Intelligence Sharing and Protection Act (CISPA) later this month, it is becoming increasingly apparent that the fight for sensible internet privacy legislation is not a corporate interest.
Officially backed by twenty-eight companies including Facebook, AT&T, and Microsoft, CISPA aims to fundamentally change the relationship between the private and public sector by encouraging companies to share your personal information with government agencies without penalty.
With the broad support of corporations – the largest of which opposed the Stop Online Piracy Act – it would seem that there would be conclusive incentives for companies welcoming the surrendering of private user information for cyber security means. After all, as Tim McKone, AT&T’s Executive Vice President of Federal Relations stated in his letter of support for CISPA:
The sharing of cyber threat and attack information is an essential component of an effective cyber-defense strategy, and the legislation helps to provide greater clarity for private sector entities. We commend the bill’s sponsors for their leadership on this critical issue.
While McKone paints a pleasant picture of the interaction between the public and the private sector, AT&T’s testimony before the House Energy and Commerce Subcommittee on Communications and Technology shows a company confused and reluctant of government regulation.
When asked by Virgin Islands delegate Donna Christensen about the role of the FCC in combating cyber crime, for instance, AT&T’s Senior Vice President and Chief Security Officer Edward Amoroso did not hesitate to outline the inability of the government to have any meaningful solutions:
“I don’t think there’s an agency right now that’s in a good position to come in and solve a problem that we can’t solve ourselves…if there was an obvious set of things that should be done right now, I’m kind of thinking the groups that are here would be doing it. We are incented to do that.”
Amoroso’s testimony demonstrates that complexity of dealing with cyber security while also admitting that overreaching security laws would do little to resolve the problems at hand. “The problem is,” Amoroso explains, “that we don’t know what it is that you should be telling us we should be doing.”
Additionally, it is important to note that there are already laws in place which allow law enforcement and private companies to share information through subpeonas and other legal means. (Click here for an example of Facebook’s compliance with disclosure of information.) CISPA ultimately attempts to take the liability away from companies who currently have the discretion of disclosing your information and places the decision solely in the hands of the government; all at the expense of the user.
CISPA would effectively take the door off the hinge of every household in America, but lacks the tools necessary to distinguish whether there is a criminal hiding in the attic. Why surrender the core of our privacy for the sake of corporate and governmental convenience?