Every six months or so, it seems Congress is endangering our privacy with a newfound attempt to spy on Americans through legislation.
The Stop Online Piracy Act (i.e., SOPA) became the first to herald the death of the Internet back in 2011—but lost legislative support after a massive online protest by the likes of Wikipedia, Google, and Facebook. The Internet outcry against SOPA led to every new law regulating the Web to be dubbed “the new SOPA,” from PIPA to CISPA and, most recently, the Cybersecurity Information Sharing Act.
CISA is an attempt by legislators and President Barack Obama to prevent the kind of attacks that triggered massive corporate leaks like infamous hack of Sony Pictures. The bill would create avenues for the U.S. government to work as an intermediary between companies to foster an exchange of information between companies to help prevent hacks and minimize the damage they can do.
Despite widespread support from business leaders, the bill failed last week—with critics citing supposed privacy concerns.
As was the case with CISPA, PIPA, and SOPA, privacy advocates are concerned the bill will give the U.S. government yet another way to spy on citizens. It’s a struggle, however, to see why or how the U.S. government would need another avenue to do so. The actions of the National Security Administration, as revealed by whistleblower Edward Snowden, show that intelligence agencies can access any information they want through any means they want, all without the help of Congress.
Privacy advocates are concerned the bill will give the U.S. government yet another way to spy on citizens.
While it is our right and duty to challenge any attempt at violating the sanctity of our privacy, it’s simply impossible for the U.S. government to have any more power to do so than it already does.
Nearly all of the nightmare scenarios presented by groups like the Electronic Freedom Foundation and the American Civil Liberties Union are already a reality. As Sandra Fulton writes for the ACLU about CISA, “the definition they are using for the so-called ‘cybersecurity information’ is so broad it could sweep up huge amounts of innocent Americans’ personal data,” empowering government agencies to “circumvent the warrant requirement by allowing the government to approach companies directly to collect personal information.”
Writing for the EFF, Mark Jaycox further warns, “What stops your sensitive personal information from being shared by companies to the government? Almost nothing.”
While these are valid criticisms of CISA, most of the baited breath exhaled over the bill completely ignores the fact that their fear is already a reality. Fulton’s concerns over the damage the bill could do to U.S. warrant requirements seem to ignore the complete meaninglessness with which the NSA treats warrants.
While all NSA requests to spy on domestic targets go through a FISA court, their proposals face almost zero scrutiny; the success rate of requests for a warrant from FISA usually hovers around 99 percent, reaching 100 percent approval in some years. Why would the NSA bother waiting around for private companies to volunteer their information through CISA when the agency has carte blanche to retrieve that data any way and any time it pleases?
It’s simply impossible for the U.S. government to have any more power…than it already does.
Barring the use of a warrant, the NSA has a storied history of simply hacking companies in order to retrieve user data. Since at least 2005, the NSA has built a cozy relationship with telecoms to gain access to untold millions of Americans’ phone records and Internet history, installing secret backdoors into telecom infrastructure.
According to leaked documents from Edward Snowden, the National Security Agency kept a bulk collection of American email records for more than a decade and has harvested cell phone metadata for even longer. This is a level of surveillance that can make even the most rational person paranoid, and the NSA did it all without the scantest hint of a warrant or critical oversight.
With that context in mind, criticizing CISA for opening up the possibility of further surveillance is a bit like opening an umbrella to save yourself from a flood. The war against government surveillance is so one-sided it can often seem reasonable to attack the possibility of an Orwellian state because you’ve forgotten you already live in one.
CISA allows the U.S. government to work on cybersecurity with private companies, creating an exchange of information in an effort to help secure American companies and their interests. The government already has full capability to spy on us, and any attack on a hypothetical mistreatment of American’s privacy rights ignores how horribly violated they already are.
This is not to say we should never be concerned about government surveillance—the worst thing privacy advocates could do is give up and go home, simply accepting the status quo. But any attempt to rebuild respect within the federal government for privacy rights must aim for the core programs from the National Security Agency which most endanger it.
The mass spying conducted by the NSA is an atrocious mistreatment and breach of trust that must end—but targeting CISA gets us absolutely nowhere.
Gillian Branstetter is a social commentator with a focus on the intersection of technology, security, and politics. Her work has appeared in the Washington Post, Business Insider, Salon, the Week, and xoJane. She attended Pennsylvania State University. Follow her on Twitter @GillBranstetter.
Photo via nit_soto/Flickr (CC BY SA 2.0)