So, CISPA, Cyber Information Sharing and Protection Act, is the newest cyber bill on the block. There is a difference between this and the other laws though. In SOPA and PIPA the laws were mandatory, and the government could simply act. In CISPA companies can willingly filter material and this may be based upon information the government perceives as a threat. Companies such as Facebook, Microsoft and IBM are supporting this bill. Although Google hasn’t publicly backed the bill, according to Mike Rogers of R-MI , “They’ve been helpful and supportive of trying to find the right language in the bill.”
So, in this law, the government and internet companies can voluntarily share information about cyber threats and suspicious activities online. However, the problem with voluntary sharing programs is that they can turn into “voluntary” programs. What do I mean? Well, if the government is not required to give the information to all parties that could be affected in some sort of terrorist act, they could decide to only give information to companies that are sharing information with the government. Additionally, the government could punish companies, like Twitter, that fight the government over privacy issues by not sharing information.
These are pretty obvious problems with this type of law. It assumes that each event is independent and previous actions have no consequent. This is a faulty premise. If this is viewed as a multi-turn prisoner’s dilemma, it’s obvious that with repeat interactions the best course of action will always be to share. This will likely lead to sharing when there are cases of doubt over if the company should share or not. Companies will value security over privacy, because the future benefits outweigh any punishment the users can enact on the companies.
These types of pseudo quid pro quo is impacting the US government in other ways including lobbying. It is likely that this information exchange will be used by companies whenever there are negotiations for future laws. They will be able to say, “you need to respect our rights to X, look how friendly we’ve been with the government” and then show a list of times they voluntarily gave data to the government. This was a tactic that Ma Bell used to keep their monopoly as long as they did. Because the company was providing the government with extra public goods (military research), the government was willing to over look the fact that the company was a monopoly and perhaps should be broken up.
CISPA is a dangerous law and we need to pressurise internet companies to step away from accepting this law. We also need, if it passes, a better understanding of when companies hand over data willingly and for what reasons. We should also be notified each time that a company hands over our data about us to the government for any reason.