Category Archives: Legal issues

A Positive Side to CISPA?

CISPA - The solution is the problem

CISPA – The solution is the problem (Photo credit: DonkeyHotey)

In an opinion article for Digital Trends, Andrew Couts, points out some positive information( in his opinion) about the passing of the Cyber Intelligence Sharing and Protection Act.  His article, Five things everyone needs to know about CISPAstates that specific amendments made prior to the passing by the House, have actually improved the bill.Couts says these are the five things people should be aware of.

1.  CISPA has nothing to do with SOPA.

2.  CISPA got better with amendments.3.  …But it’s still fundamentally broken.

4.  CISPA is not the only cybersecurity bill in Congress.

5.  CISPA likely won’t pass the Senate. (unchanged)

The first point Couts makes is this, “CISPA has to do with privacy. SOPA dealt with censorship. CISPA threatens our Fourth Amendment rights — the right against “unreasonable searches and seizures” — because it allows businesses to hand over a staggering amount of information about us to the federal government with impunity. SOPA threatened our First Amendment rights — the right to free speech — because it would have allowed the federal government to block access to websites using the same practices employed in oppressive regimes, like Iran and China.”

His second point?  “A total of 11 amendments were added to the bill, some of which made positive changes to the types of information that may be shared, and how the government may legally use that information.”  He continues on to list some of the major changes made in the bill and discusses the most notable change, the Quayle amendment that he summarizes in his article.

“One added provision, known as the Quayle amendment, has raised the most number of eyebrows. It outlines the purposes for which the government may use information collected from businesses. They are as follows:

  1. cybersecurity;
  2. investigation and prosecution of cybersecurity crimes;
  3. protection of individuals from the danger of death or physical injury;
  4. protection of minors from physical or psychological harm; and
  5. protection of the national security of the United States

Couts goes on to discuss why he thinks the bill is still flawed and said, “For starters, the bill still does not provide any limits on the information shared under CISPA to be passed along to shadowy organizations, like the National Security Agency, which has essentially no public oversight. Furthermore, CISPA still allows data collected under the bill to be used for vague purposes of “national security,” a term that could mean almost anything.”

He also informs his readers that there are two other bills currently in Congress, one brought forth by Sen. John McCain (R-AZ) called SECURE IT Act or S. 2151.  The other bill is presented by Sen. Joe Lieberman (I-CT), called Cybersecurity Act of 2012 or S. 2105.  Couts explains that both other bills share the problem of broad language like CISPA and that it’s possible in the end that CISPA could be combined with one of the two bills.  Couts reports that currently, Lieberman’s bill has the support of the White House and Senate Democrats.  This is significant since the President has threatened to veto CISPA if certain changes do not take place.

The veto issue is also part of Couts last point, that CISPA will not likely pass in the Senate.  He includes the caveat of change.  If certain requirements outlined by the President take place, and the bill can be hashed out to everyone’s liking, it may pass into law.  Considering the track record, of the two major political parties agreeing on anything, as being less than stellar, I’m personally not going to hold my breath.  That doesn’t mean I’m not deeply concerned about the bill.  After all, it did pass the House with a 248-168 vote and had over 100 cosponsors, which is cause for serious concern for all those who use the internet, and more specifically, investigative journalists.

Overall, I don’t see any real positive change in the language of the bill.  I’m concerned for investigative journalists for a very good reason.  The nature of their work.  The “watchdogs” of government may have to begin re-thinking the methods they use to get information online.  I’m skeptical that should the government get wind of an investigation through the abilities provided by the CISPA bill, they would just let journalists go about their job undeterred.  We may end up seeing more instances like what happened to the two journalists working for USA Today.  You can read more about their story here.

So what’s the take-away?  Well, as Couts points out, it’s a long process and we should all be willing to accept that fact, and keep paying attention no matter how long it takes for a decision to be made on CISPA.  Journalists especially, should be paying close attention.  If you thought there were problems with the use of anonymity before, just wait and see what happens when the government, at will, snoops around your information and starts to monitor you under the guise of national security.  (Especially if your story targets the government.)  As a computer scientist friend of mine casually suggested recently, getting to know the ins-and-outs of encryption might become a valuable investment in your career.


You’re Hired! By The Way, Can We Have Your Facebook Password?

Jon Brodkin, wrote an article for ars technica today about employers asking potential new hires for their Facebook passwords and usernames.  It seems that while most of the reported circumstances involving this scenario took place two and three years ago, the action has gained new tread.

According to the article, two senators, Richard Blumenthal (D-CT) and Charles Schumer (D-NY), have asked the Department of Justice and the Equal Employment Opportunity Commission, to make a ruling on whether the requests violate federal law.

According to the article by Brodkin, Facebook stated that they could take legal action against the various employers, but have no plans to do so at this time.

In another article written by Brodkin, he includes a quote from the Facebook company,

“As a user, you shouldn’t be forced to share your private information and communications just to get a job,” Facebook said. “And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.”

Blumenthal,  is quoted by Brodkin saying these requests are an “unreasonable invasion of privacy.”

So my question is this:  Is this an unreasonable invasion of privacy?

By becoming a member of such social media sites, do you forfeit a certain amount of privacy?  If you are a Facebook user, and say you have 900 “friends”, and lets also say that you post daily life occurrences, personal opinions, photographs and the like, are you still technically, a completely private citizen?  Or have you now jumped into the public arena as some public figure, albeit on a small-scale.

The Sandra Fluke fiasco brought to light a few interesting media law questions.  She chose to take part in a public discussion in front of a mock committee of democratic members of Congress, camera’s rolled and Fluke offered her views and opinions on the topic to be forever part of public record.  Some argue that at that moment, her reasonable expectation of privacy lowered a great deal.

In the spirit of free speech, she has every right to express her views, as do Facebook users.  But, in doing so, it is possible that we are entering a new kind of public arena, opening ourselves to targeted criticism, and possible negative consequences and repercussions from things we say and post.

Is it different if you use the most private settings for your Facebook account?  If your account is completely and  unabashedly public, should that be taken into consideration?  Should these requests by employers be discussed on a case by case basis, depending on the level of privacy chosen by the social media user?

Is there anything wrong with potential employers asking for this information, to make sure that the candidate is the right choice for the company?

Employers do run credit checks on potential new hires, and background checks.  Is this any different just because the medium is different?  I’m not so sure it is.  I can see how both sides of this issue can be argued.  It will be interesting in the coming weeks to see what proposals for legislation manifest, and if this issue acquires new-found “legs”.