With the flood of #CISPA-related noisemaking quieting down, I’d like to remind you – yes YOU writers, readers, and netizen friends – why you should still care about what’s happening in Congress right now. Regardless of where this particular piece of legislation ends up, the atmosphere of an internet-phobic government poses a very real danger to all of us.
Even aside from it’s privacy violations, overbroad categorization of activities as “threats”, and complete disregard for due process, CISPA is a worrying indication of the absurd contradictions in our messy internet legislation, and the complete breakdown of communications between the internet users and their legislators.
While obsessively following all CISPA coverage last week, one small problem caught my eye. This one small problem stood out in a sea of many because it flew in the face of previous internet legislation that has been getting a lot of press this year: the wildly overreaching Computer Fraud and Abuse Act (#CFAA).
One of the (many) problems with the CFAA is that it takes violations of terms of service and turns them into (potential) massive criminal offenses carrying years in prison. It was this legislation that was used in the vicious and wildly disproportional bullying of Aaron Swartz – bullying that ultimately led to his death.
CISPA on the other hand was deliberately formed to allow for terms of service violations. In the one move that could have partially redeemed the legislation, an amendment was proposed that would prevent individuals, in particular employees and job candidates, from being forced to give up passwords to their personal social media accounts. Though not a common practice, the fact that it has happened shows it to be a very real threat – and one which is a blatant violation of the terms of service of those same social media sites. Take a look at what Facebook’s terms have to say about passwords:
That’s a pretty unequivocal laying down of the law – not to mention common sense. Don’t share your password. It puts you and anyone you’re FB friends with at risk. Don’t do it. Seriously. Don’t.
CISPA seemed to agree with this.
Until, of course, the provision to protect individuals from this kind of abuse was defeated.
Again, this is one of many aspects of CISPA that put internet users (read: everybody) at risk. But what really stands out about this one small detail is the blatant contradiction we would have on the books if the bill passed into law. Add CISPA to CFAA we have a pair of laws saying simultaneously:
The most worrying part is that individuals – aka Congress’s constituency – get the short end of the stick every time. When an individual is circumventing the terms of service, they are criminals and can spend years in prison. But put the power in someone else’s hands, say an employer, and that same individual can be coerced to give up their personal information – in violation of those same terms of service.
How do legislators reconcile this inconsistency?
As the Twitterverse has shown, many leap to malice as the explanation, and blame the slow but deliberate slide towards a police state for harmful legislation. I won’t say they’re wrong. But, the reality, I think, is both simpler and much, much more worrying: foolishness. A bumbling and scared Congress responds to very real threats – identity theft, hacking, espionage – by fumbling with solutions that they simply do not understand.
With any luck, CISPA will be dead in the water before reaching Obama’s desk. However the endemic cluelessness and misplaced hysteria demonstrated by this type of legislation is very much alive. The contradictions in CISPA and the CFAA do not simply reflect two different approaches, like say legislation on revitalizing the economy. It does not even reflect diametrically opposing moral positions, like, for instance, abortion or capital punishment debates do. Rather, it reflects a fundamental lack of understanding of that which is being legislated.
This is scary.
Why should you be scared?
Because you’re here.
Our contracts, the explicit and implicit agreements we make every day on the internet, are ubiquitous in our society. Our personal lives, our professional lives, our social identity, our goal paths, our self-education, and enjoyment of life…. all of these things intersect with the digital world on a daily basis. Whether we are digital natives glued to the screen or we’re just trying to get a job, we can’t avoid intersections. The cluelessness in Congress and the messy laws growing out of it affect all of us, whether we want it to or not.
The basic provisions for privacy and due process have been defended and upheld for centuries as pillars of modern democracy. But as soon as the internet enters the picture, these rights fall by the wayside. Bad as that sounds, I don’t want to attribute malice here. I don’t think that it’s either accurate or useful to forget the part that plain old confusion and ignorance play in overreaching and nonsensical laws.
And the only thing that combats ignorance and confusion is communication.
So even if CISPA dies, remember it for when the next contradiction comes through Congress. And don’t ever stay silent.