Down with CISPA

America needs to stop preaching civil liberties abroad while passing privacy-destroying bills at home.

On Thursday, April 26, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), the first major Internet-regulation bill Congress has tried to pass since mass protests led to the spectacular collapse of the Stop Online Piracy Act (SOPA) in January. CISPA, while aimed at a much different subject, gained much the same ire as SOPA, given its potential effect on Internet freedom. Although sold as a bill that would strengthen cybersecurity, CISPA would have huge implications for Internet users' privacy both domestically and abroad if the Senate passed it in the coming weeks and it became law.

According to the bill's main author, Rep. Mike Rogers (R-Mich.), CISPA's main purpose is to allow companies and the government to share information to prevent and defend against cyberattacks. But the bill's language is written so broadly that it carves out a giant cybersecurity loophole in all existing privacy laws.

The problem is in the bill's definition of "cyber threat information" and how companies can respond to it. "Cyber threat information" is an overly vague term that can be interpreted to include a wide range of tasks that normally wouldn't be considered cyberthreats -- like encrypting emails or running an anonymization tool such as Tor -- and as a result, a company's options would be so numerous as to allow it to read any user's communications for a host of reasons.

Those communications could then be handed over to the government voluntarily without a warrant or any oversight, nullifying well-established laws like the 1968 Wiretap Act and the 1986 Electronic Communications Privacy Act, which prevent companies from reading your communications except under very specific circumstances and prevent the government from getting users' communications without judicial review.

Once the U.S. government gets hold of such information, the problem intensifies. Private communications can be passed on to intelligences agencies like the National Security Agency (NSA) and the military -- bypassing decades of law barring intelligence agencies from spying on Americans -- and be used for other law enforcement purposes besides cybersecurity. Almost as an afterthought, the bill also increases government secrecy -- already at an all-time high -- by creating a new exception to the Freedom of Information Act for any information the government receives from companies.

It has become clear by now that CISPA is far more than a mere "cybersecurity" bill.

As such, CISPA has enraged civil liberties organizations and a host of other actors, from free market groups to Internet security experts. The bill's flaws are so obvious that Barack Obama's administration -- despite strongly pushing Congress to pass cybersecurity legislation -- issued a veto threat Wednesday, decrying the fact that CISPA "effectively treats domestic cybersecurity as an intelligence activity."

But that hasn't stopped Rogers from continually insisting that he's listening to the concerns of civil liberties groups and ordinary users. The congressman said Tuesday in response to criticism, "[Privacy advocates] have been very good working with us on language to get the bill to a point that helps them protect users and protect their civil liberties." He repeated much of those same claims on the House floor on Thursday, claiming that CISPA is "narrow" and "extremely limited" and that he was trying to accommodate the bill's critics.

In reality, the opposite was true. Rogers refused to even allow some common-sense, substantive amendments to reach the House floor, such as requiring companies to remove an individual's information before handing it over to the government, anonymizing data when it's shared between agencies, or making sure the government gets a warrant before looking at identifying information. Rogers also rejected an amendment that would prevent military and intelligence agencies like the NSA from receiving sensitive user data under this cybersecurity program. Instead, he offered a handful of cosmetic changes that did nothing to alleviate anyone's concerns.

Perhaps realizing that Congress was starting to catch on after co-sponsors started to change their minds during the debate, Rogers halted debate on additional amendments and called for an immediate floor vote a day earlier than scheduled. In the end, CISPA passed 248-168.

But despite the climactic outcome of Thursday's vote, the battle over cybersecurity legislation is far from over. The same debate about privacy still looms in the Senate, where at least now, many of the same concerns will be front and center. A Senate version of the bill, sponsored by Sen. Joe Lieberman (I-Conn.), contains many of the same exceptions to federal privacy law. Sen. John McCain (R-Ariz.), who doesn't think Lieberman's bill goes far enough, is sponsoring a competing bill that would actually require that more control over the Internet be handed to the NSA.

But the debate over privacy is bigger than any of these bills. It has become increasingly clear that just about any U.S. regulation of the Internet affects users worldwide, both in practice and -- perhaps even more crucially -- as model legislation for other governments. Just as SOPA would have allowed for the censorship of foreign websites (in fact, those were its target), CISPA allows companies to access any communications -- foreign or domestic -- which could then end up in the hands of the U.S. government. Global Internet users have taken notice, with the NGO Avaaz gathering almost 800,000 signatures against CISPA, many of which are from people outside the United States.

The Obama administration's "Internet freedom" agenda -- already tarnished -- is on the line, and at least this time, officials seem to realize that their actions will have a direct effect on their foreign policy. CISPA came to a floor vote the same week that the Obama administration issued an executive order targeting U.S. companies that sell censorship and surveillance gear to Iran and Syria. The order, though a step in the right direction, came under harsh criticism given that the NSA is allegedly still running much of its warrantless wiretapping program -- first exposed in 2005 by the New York Times -- at the same time Obama is decrying mass surveillance in other countries.

There are signs, however, that the Obama administration is learning that it can't have a "do as I say, not as I do policy" when it comes to Internet freedom. During the SOPA debate, the State Department refused to comment on the bill despite virtually the entire tech industry complaining that it would amount to mass censorship. A spokesperson even released a statement at the time saying, "The Department of State does not provide comment on pending legislation," despite a provision that would have made much of the circumvention software it is funding -- to the tune of tens of millions of dollars -- illegal.

In stark contrast this time around, Secretary of State Hillary Clinton's senior advisor for innovation, Alec Ross, was the first U.S. official to definitively say, "The Obama administration opposes CISPA," as he matter-of-factly told the Guardian Monday. Prior to that, the administration had only released a broad statement saying that "privacy and civil liberties" should be preserved in any cybersecurity bill.

Given the increased attention to cybersecurity around the world, governments will watch and learn from the U.S. experience. If the United States continues to preach privacy and civil liberties abroad while Congress passes a privacy-destroying bill at home, the results will be much the same as CISPA: a bill designed for a legitimate purpose, used as another excuse to encroach on the freedoms of ordinary citizens.



The Work of All Nations

President Barack Obama's creation of an Atrocities Prevention Board is an important step, but America can't prevent genocide alone.

For all the terrible tragedies befalling the millions who have been murdered in mass atrocities, the human mind is best able to comprehend these crimes by remembering individuals we have seen with our own eyes, whether in person or in pictures.

So it was that, in his magnificent speech on Monday, April 23, about preventing as well as punishing genocide, U.S. President Barack Obama recalled two vivid images of inhumanity. The first was "an old photo" he himself had seen while visiting Buchenwald of "men and boys lying in their wooden bunks, barely more than skeletons," including a 16-year-old Elie Wiesel. The second was the suffering that Obama's great uncle had witnessed when, as a soldier in the U.S. Army during World War II, he "was stunned and shaken by what he saw when he helped to liberate Ohrdruf, part of Buchenwald."

Of course, as Obama said, the Nazi Holocaust remains "a crime unique in human history." And I applaud him for declaring that "Preventing mass atrocities and genocide is a core national security interest and a core moral responsibility of the United States of America."

Still, when I think about mass atrocities, the most vivid images that come to mind are those of my own countrymen and women, the Kosovar refugees from the conflicts of the late 1990s, who were shot at and shelled and streamed across the border to safety in Albania. And when I think about how to prevent such tragedies, it seems clear that America cannot do it alone and that the "core moral responsibility" belongs to us all.

Obama has committed the United States to doing the right things for this great cause. He announced the creation of an Atrocities Prevention Board, with the aim of focusing the attention and resources of every U.S. government agency on anticipating and preventing atrocities before they occur. He is initiating new sanctions against those who use information technology to abuse human rights. He has asked for a national intelligence estimate of the risk of mass atrocities, instructed the Treasury Department to deploy financial tools against atrocities, and ordered the military to incorporate the prevention of atrocities into its doctrine.

While laudable, the actions of one nation alone will never be enough to prevent future atrocities. This must be, as Obama said, "the work … of all nations." It must involve every country, on every continent, from small nations such as Kosovo to the major economic, political, and military powers.

We were all haunted by the inhumanity that occurred in the places Obama mentioned, among them Cambodia, Rwanda, Bosnia, and Darfur. The capacity for cruelty knows no regional boundaries, and neither must the impulse to take action to save lives and avert suffering.

In Kosovo, we are working hard to prevent such horrible things from happening again by seeking to create an open, multiethnic democracy. We have embarked on a constructive dialogue with Serbia to close the dark chapter of our past and begin a new one based on peace, tolerance, and mutual respect. During my official visit to the United States earlier this month, I proposed establishing a committee for truth and reconciliation to help both Albanians and Serbs leave the bitter past behind. We stand ready to work hard with all our neighbors, including Serbia, to ensure that all mass atrocities are stopped forever.

Other nations of the world must also find a way to do collectively and internationally what Obama has committed the United States to doing on a national basis. Working through international organizations -- global and regional -- the nations of the world should establish international counterparts to America's Atrocities Prevention Board. We must get better about sharing information on threatened atrocities and coordinate international efforts to prevent them.

As part of this effort, the United Nations should expand the role of the special advisor on the prevention of genocide to lead a secretariat and information clearinghouse for the U.N. equivalent of the Atrocities Prevention Board. Within the Organization for Security and Co-operation in Europe, the functions of the Office for Democratic Institutions and Human Rights should be expanded to perform a similar function for the organization's 56 participating states in Europe, the former Soviet Union, and North America.

As President Obama rightly reminds us, "'Never again' is a challenge to nations." It is up to all of us to answer that challenge.

AFP/Getty Images