Some Tradeoffs in Internet Security

As consumers, we rely directly on the Internet for communicating with others, for earning a living, and for buying things or services that our families need. Indirectly, we depend on reliable Internet service to our friends and relatives, and to our merchants, employers and government. We need the physical Internet to work reliably and we expect the Internet software, individuals and websites that interact with us to follow the laws. The Internet works fine until a technology fails or a hacker mounts a criminal or political attack on you.

You are no longer permitted to grab your rifle, saddle up, and drag the varmints back on a rope.  A private army is out of the question.  Instead we rely on policing agencies empowered for cybercrimes or cyber-terrorism.  In turn they hunt cyber-perpetrators with tips from other victims or allies (e.g. Internet service providers) who report suspect behaviors.    

That cooperation among government agencies and private companies is what the Cyber Intelligence Sharing and Protection Act (CISPA) authorizes and protects from lawsuits. There are some other nitpicky issues, but most opposition comes from those who fear CISPA could reduce our privacy when a private company shares crime-related customer-specific information with the government. Let’s pretend “tracking” you isn’t the main revenue for the biggest search firms.

Instead of donated tips, the government could get a court warrant for suspected US criminals or a FISA warrant for suspected foreign terrorists. There are plenty of US cyber-perps who’d like to be seen as First Amendment saints. The warrant alternative presumes they know whom to investigate, and that they get the warrant without delay – at Internet speeds – unlikely whenever a court or opposing attorney is involved.

For consumers it would be ideal to have zero loss of privacy and zero loss of safety.  But in the wake of any real world crime against you, the investigator will ask for a lot of personal identity and information like — “where were you”, “who has motive”, and “who else might be involved.”  Innocent as you are, the victim might name you as a potential witness.  Likewise, in return for flying on a commercial flight, your identity and person will be scrutinized.   To obtain a credit card or loan, you will hand over massive personal detail.  To obtain a driver’s license, you will share more information than just your name and evidence of driving skill.  Routinely, you or others share some of your private information for a privilege, an advantage, or some security. 

Unfortunately there’s no accepted quantifying method for measuring privacy lost and safety lost. So there’s no repeatable measure of each new law’s shortfall from full privacy and full safety. Minimizing the loss of privacy is a reasonable goal, but we cannot abandon safety due to privacy concerns. Some will not agree. Those who rank privacy as a modern day deity will say tradeoff is the wrong answer. And the opinions from wannabe hackers or those who parrot what the cool kids say just don’t align with consumers’ interests.

Some businesses already cooperate with government national security entities.  A few get the occasional national security letter, but share whenever Internet events merit it.  In my experience, Internet businesses that would be involved in the operation of CISPA can estimate the costs of CISPA versions and they will let legislators know how to avoid the worst outcomes.  Their press releases will, of course, feature socially redeeming platitudes.   

CISPA may be the right vehicle for balancing privacy and safety through information sharing with private companies, but perhaps it is not.  Certainly, no bill worth passing will give 100% privacy and 100% safety, and inaction is the wrong answer. 

Alan Daley is a retired businessman who lives in Florida and who writes for The American Consumer Institute Center for Citizen Research.
