Monday, May 7, 2012

CISPA: An Alternate Future Where Your Personal Privacy No Longer Exists

By Adam Dachis ~ May 7, 2012 ~ LifeHacker

Last week the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), a follow-up bill to SOPA that wants to erode your personal privacy. The bill, itself, is palatable enough that Facebook and Microsoft gave it their seal of approval, and it's already got a kick start towards passing into law. So what would life be like if CISPA were part of our reality?




I Am Not Who You Think I Am
I am not a child pornographer, but you've probably heard otherwise. Everyone tells the story a little differently. Sometimes my classmates say I chose to drop out of the private college I'd wanted to attend since the day I understood ambition, and others believe my departure was the result of an expulsion. I'm not sure whose choice it was anymore, but ultimately it doesn't matter. You don't actually have to be a bad guy—you just have to be painted like one.

Back in early March 2013, a 12-year-old girl uploaded a copy of Toy Story to share with a friend she met online who lived overseas. That friend shared the movie with others, and suddenly it was heavily downloaded across the globe. The girl who shared it had no idea, but when the Motion Picture Association of America (MPAA) caught wind of her actions, they pressured the government for information. Just a year earlier you'd see internet service providers, web apps, social media services, and most corporations act cautiously before turning over private information about their clients—12 years old or otherwise. Then CISPA passed, and safest thing for any corporation was to provide the government with what they asked. Because cyber security was never clearly defined in the law, the possibility of intellectual property theft was a justifiable cause for investigation. The government took the girl's information and provided it to the MPAA. Days later, a lawsuit was in place. At first I didn't believe this because it sounded so ridiculous, but then I remembered that a similar suit was filed against a 12-year-old girl for downloading music in 2003. And then something impossible happened to me.

I Drew the Wrong Card
I never had aspirations of becoming a writer, but my parents were both hard workers and always insisted that I'd be best served in any profession if I spent my time on writing and math. Being the geek that I am, math came easy but I wasn't so fortunate with words. It's one of the reasons I chose my college. It was known for its communications school, and every major was required to study several dimensions of writing. Incoming Freshmen were required to take two essay-writing courses during their first year. Most students were averse. I was excited.

The course options varied from the dull to the dramatic, so I wasted no time registering for an essay class simply labeled "Controversy." Each month we wrote a short argument about subversive topics selected at random. Every student drew a small card from a brown paper bag. Most of my classmates wanted the card that read "legalize marijuana." I wanted more of a challenge, and I got one. My card read, "reform child pornography law."

At first I was a little concerned. It seemed incredibly wrong to even argue against any laws that served to prosecute child pornographers, illustrators, or anything that sought to sexualize children. But after a little research, I discovered that many of the laws were vague and too broadly applied. They were written in a way that allowed the government to prosecute and convict alleged deviants based on flimsy evidence. It wasn't much different from CISPA, which was signed into law highly due to its broad language.



Full size


As I continued my research I found more and more instances of laws with vaguely-defined terms that were designed to be tough on crime. No one bothered to oppose them in fear of being painted weak, or as a lover of terrorism and sexual deviancy. As a result, innocent people ended up in jail as collateral damage. The law had chosen to try and assuage our fears by sacrificing our freedoms as payment. But even worse, it didn't seem to be working. When you cast a wide net, you not only catch too many fish but so many that you can't find the fish you're actually looking for. People who broke the law weren't getting caught because the resources previously utilized to catch them were diverted to finding offenders before they actually offended. It's a nice thought to think we can preemptively prevent a crime, but it just doesn't work.

Nonetheless, you can't write an argument against child pornography laws without feeling at least a little gross. Just the act of Googling "information about child pornography" is enough to unsettle most stomachs, mine included. I made myself feel better by making off-color jokes about the subject in online chats and emails. I even posted a few of them to Facebook. I'd always been very careful about what I shared online, but we have a tendency to only try to protect ourselves when the threat is obvious. I didn't conceal my subversive sense of humor because I didn't believe that anyone would care. I did request for my search history to be tossed out, but it turned out that choice only applied to my account. My history was still being tracked "anonymously" with my IP address.

Perhaps none of this would've mattered if my school's servers hadn't been hacked. You wouldn't think there was much to hack, but the college had a system that allowed students to use their identification cards to make purchases at the bookstore, in the cafeteria, and at any other retailer partner around the city. The college charged all of our purchases to a stored credit card number at the end of each month, and the hacker seemed to be after that data.

Many private colleges—especially the older institutions—are a bit behind on security so this database was an easy target. They never caught the hacker, but s/he sold the data and it became one of the larger identity theft investigations that year. As a result, the federal government took an interest and started an investigation. While the interviews were tense (for those of us who had them) and watching the FBI roam the campus made everyone uncomfortable, the real problem came when they acquired our private data.

Student email, chat logs, search histories, social media posts, and more were handed over to the feds. Google, Facebook, Microsoft, Mint, Twitter, AOL, and Yahoo were all in compliance. CISPA made it practical for companies to ignore our privacy and offer up our data because they were shielded from any legal action on our part. It was during the many months that the FBI combed through our stupid conversations and useless posts that they found no hacker in the student body. But they found supposed evidence of drug sales and a few media pirates. They also found a common thread in my data: child pornography.

My Reputation Was Collateral Damage
The first chat began with the school, who chose to inform me of the allegations before I spoke with the authorities. It didn't take long for the other students to hear about my alleged sexual deviancy. They'd heard about the drug dealers and the downloaders, too, but those crimes assumed a certain "bad ass" quality that did little to ruin a reputation. When people believe you might be a sex offender, it doesn't really matter if you are. The damage has already been done. It's the sort of accusation that follows you for life.

Eventually my name was cleared, but not before the school asked me to take a leave of absence until the investigation was complete. I didn't argue. My roommate requested a transfer that was quickly granted. I received looks and threatening notes. My friends had my back, but I could tell that defending me took a toll on them, too. It was best for everyone if I just left.
I didn't think much of CISPA when it passed into law. It seemed like the sort of thing that would only reach people who put themselves in bad situations. I'd never expected that going to college would fall into that category.

It was a bill that never should have passed in the first place. At the time, President Obama had promised to veto CISPA if it ever reached his desk, but even the best-intentioned politicians make compromises. He did the same thing with the National Defense Authorization Act, after all. Perhaps CISPA passed because the internet had just put up a valiant fight against SOPA and PIPA and didn't have the energy to take on yet another piece of frightening legislation. What worries me the most is the ability humans have to adapt. Many were outraged when CISPA was signed into law, but we felt that way about the Patriot Act, too. We adapted. We started ignoring the stories about victims until news organizations saw no reason to provide them anymore. The CISPA stories still manage to get a little press, but nothing has changed. We now have a government that works hand-in-hand with business.

We let this happen. CISPA may not directly affect everyone, but it leaves the possibility of everything we share online becoming an accusation. When we all live in glass houses, anyone can look guilty. It's easy to think you'll never be targeted, but I made that mistake. Hopefully now you'll know better.

This Is Not Yet Our Reality
Currently, CISPA has only passed the House of Representatives. Before it can reach the desk of the president, it must pass the Senate as well. If you oppose CISPA, contact your state senators and let them know how you feel. The web site SOPA Track now provides information about the position of each senator so you can find out where they stand as well as contact them if you disagree. The vote is coming soon. Now is the time to act.

Note: This is a fictional narrative based on what we believe the U.S. might be like if CISPA is passed into law, based on an in-depth discussion with Derek Bambauer, Associate Professor of Law at Brooklyn Law School. This story hasn't happened, but we've created it to illustrate one probable future.

No comments:

Post a Comment