Like many internet companies, Gliph is based in the United States and is governed by the laws of this country. Gliph respects the United States’ need to maintain national security. However, Gliph opposes CISPA as proposed because the legislation conflates cybersecurity with surveillance and information sharing. CISPA significantly erodes the privacy of internet users.
What is CISPA?
At the time of this writing, CISPA is H.R. 624, (web, pdf), the Cyber Intelligence Sharing and Protection Act. CISPA is just a bill, which is a proposed piece of legislation that has the potential to become a federal law in the United States.
CISPA’s purpose is to help the United States investigate cyber threats and ensure the security of networks against cyber attacks. The bill aims to add legal framework for the sharing of information between private companies and the United States government.
Why Oppose CISPA?
Gliph appreciates the pressing global context around cybersecurity, yet is adamant about the preservation of civil liberty and personal privacy. We are joining the Electronic Frontier Foundation and the Internet Defense League in our opposition to this bill. You can learn about the below bulleted issues and more in the EFF’s page about the bill.
Here are some of the key issues with CISPA Gliph is concerned about:
Companies will have new rights to monitor both user behavior and personal data and then share it with the government without a warrant.
CISPA gives companies the power to obtain “cybersecurity threat information,” which could include personal communications. The bill contains vaguely defined reasons companies may use for why they would track, store and share such information.
CISPA grants companies broad immunity from legal liability of monitoring, acquiring and sharing personal data of their users.
This immunity from legal liability combined with the ability to monitor and obtain personal communications has the potential to act as a loophole to privacy laws like the Wiretap Act and the Stored Communications Act.
Users are unlikely to be informed that their private data is compromised under CISPA and will be unable to do anything about it.
CISPA exempts the government from revealing the identities of individuals who have been tracked by companies and shared with the government from otherwise valid Freedom of Information requests. If a user’s privacy is violated by accident during information exchange, the government is not required to notify the user of the mistake.
The recent hacks suffered by the New York Times and others were the result of attack methods that CISPA was not written to deal with.
Although hacking has been described by the Director of National Intelligence is as a greater threat than terrorism, CISPA is not written to handle some of the most high-profile and recent attack types.
We encourage all of our users to oppose CISPA and to join Gliph, the EFF and the Internet Defense League to oppose the bill.