It’s hard to be a web user these days, especially since the government has gotten so interested in what we’re doing online. Bills and proposed regulations that target web activity and user data are popping up all the time, and it’s hard to keep track of what any of this actually means. It gets even worse when we can’t figure out who — if anyone — is actually on our side, and when compromise has to take the place of all-out war.
Occasionally, things are easy, like SOPA. It was a ridiculous bill for the myriad reasons cited between its rise to prominence in October 2011 and its eventual shelving in January 2012. It would have led to absurd lawsuits and would have proved to be an incredible burden for many web service providers. But that bill clearly targeted web users’ favorite web sites and the users themselves — if you were in one of those two camps, it was easy to pick a side.
Some things are trickier
I admit I have been somewhat taken aback, however, by the outrage over the Cyber Intelligence Sharing and Protection Act, or CISPA — namely, the allegations that it’s little more than SOPA 2.0. As I explained in a post yesterday, although the bill does mention intellectual property, it doesn’t aim to target illegal downloading. It targets actual breaches of corporate networks in an attempt to steal files, and that’s a good thing.
I get why web users are gun-shy about copyright infringement, but things like legislative intent do matter. It’s probably not worth burning cycles chasing red herrings.
A law is only effective if it can withstand judicial scrutiny. Otherwise, something happens, someone files a lawsuit, and a court either declares a law unconstitutional or narrowly construes its meaning. The latter happened earlier in the week when the Ninth Circuit Court of Appeals held that the Computer Fraud and Abuse Act doesn’t apply to cases where people merely exceed the permissions to which they’ve agreed. It’s a very good example of the importance of legislative intent, as both the majority and dissenting opinions agree on the cases the law did not intend to target (i.e., employees using Facebook at work or dating-site users lying about their physical attributes).
However, the CISPA does present a tricky question for web users to answer: When it comes to privacy, do we trust the government more, or do we trust Facebook? Jim Dempsey, vice president for public policy at the Center for Democracy and Technology, made some good points about CISPA’s privacy shortcomings in a U.S. News & World Report article on Thursday. We already knew the bill’s language about information sharing and protective measures was vague, but Dempsey suggests government pressure might make sites like Facebook willing to share more-personal information on users than they’d normally do.
The bill actually purports to put the power in companies’ hands, stating that ”Cyber threat information … shall only be shared in accordance with any restrictions placed on the sharing of such information by the protected entity or self-protected entity authorizing such sharing, including, if requested, appropriate anonymization or minimization of such information.” But even if companies would like to just provide the anonymous bits and bytes related to suspected attacks, says Dempsey, “The government can say ‘You want our secret sauce, give us all your data; if you play ball with us, we’ll play ball with you.’”
Who’s on our side, and what can we live with?
But Facebook wouldn’t do that, right? Or Google or Twitter or any of the large web companies web users sided with to help defeat SOPA? Well, maybe. After all, they’re the villains in the debate over web privacy, right? And it’s possible they’re more concerned with their own self interests in preventing attacks than they are with any specific sets of user data, right?
But doesn’t that make the government two-faced? After all, it’s the hero in the debate over web privacy, becayuse it’s the one that wants to regulate what web sites can do with the data users are all but forced to hand over in order to use any web service. Right? Well, maybe the Federal Trade Commission has users’ best interests in mind, but the Justice Department, which for years has been leveraging antiquated laws to demand user data without search warrants — and which is the agency at play in CISPA — doesn’t seem to think that data should be so private.
I guess what I’m saying is that the law isn’t always black and white, and reacting to the words intellectual property within a bill with crazy arm-waving and chants of SOPA 2.0 probably aren’t too effective. We actually need to consider what proposed laws say, how they relate to existing legal doctrine and what are the interests of the parties involved, and then react accordingly.
Often times, as with CISPA, that requires not throwing the baby out with the bathwater, or even throwing out the bathwater at all — because when Congress and industry are aligned, something is going to pass. Rather, we’ll have to determine what’s actually wrong with the bathwater and then figure out a way to make it tolerable. And those debates are a lot harder, a lot more nuanced and a lot less fun than sticking it to SOPA supporters.
Feature image courtesy of Flickr user aesop.