I will try and make this relatively short and not so sweet. As many may be aware, today is the day for the hacker group Anonymous-led Web blackout of over 200 sites in protest of the Cyber Intelligence Sharing and Protection Act (CISPA) which was recently passed the U.S. House of Representatives. This followed a call for action recently via the hashtags #CISPAblackout and #StopCISPA.

Unlike last year’s successful protest against the passage of SOPA, noticeable by their absence are the large non-hacker supporters like Google, Wikipedia and a host of other household names. The current blackout seems as much about hacker angst as it is about civil liberties.

What can websites share with public safety agencies is the issue

Put simply, CISPA, which passed by an impressive vote of 288 yeas versus 127 nays, is in theory designed to enable the National Security Act of 1947 to allow government agencies to exchange customer data from Internet service providers and websites if that data is a threat to “cyber-security.”

Proponents say that all of the requirements are voluntary, and do not mandate that private companies share information with government agencies as critics have argued. However, those critics have pointed out the language in the proposed legislation is so broad that the definition of what actually can be deemed a cyber security threat has loopholes large enough to give the government unprecedented discretion in making such determinations and thereby lead to significant abridgement of basic civil rights.

The tricky part is in the fact that CISPA defines a “cyber threat”:

(A) efforts to degrade, disrupt, or destroy such system or network (meaning critical national infrastructure); or

(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

Proponents have argued that CISPA is a common sense approach to dealing with the growing problem of threats from nations, terrorists and criminals looking to attack things like the U.S. electrical grid and other critical infrastructure. Critics say even that has some issues, but the expansion to the pirating of intellectual property and the ability to in essence circumvent basic rights so that government can go on a fishing (not phishing) expedition goes way too far. The critics make an interesting point. 

Where does this go from here?

Since CISPA is part of the political process, putting aside the effectiveness or lack thereof of this blackout (which because it seems mostly hacker-based has issues of its own), what happens next is problematic. Here is why:

• The Obama administration, despite its own initiatives to encourage data sharing, has threatened a veto of the bill if the broader definition of what constitutes a threat is not revised.
• The U.S. Senate has shown no pressing appetite to debate this subject and speculation is even if it does reconcile with the bill that sailed through the House could be a dog fight depending on where the Obama administration comes down and how hard they are willing to push.
• In the event that the House and Senate could agree on a compromise, if the Obama administration still felt it needed to be vetoed the House has the 2/3 majority needed to override it but the Senate would likely not have the votes to do so.

In short, this is far from over. 

Depending on your interests, that can be seen as either a good thing or a bad thing. The challenge is that cyber security threats, as we see now on almost a daily basis are a real and growing danger. This is made all the more challenging as such attacks are now either state-sponsored or coming from elements with significant resources and sophistication. On the other side, in a free society such as the U.S., personal liberty is a matter that is taken seriously and people from both the most liberal and conservative sides of the ideological spectrum have valid concerns about just how far government might wish to go when “investigating” what may or may not be an issue of national defense. 

Obviously, this is one that is on a lot of peoples’ “watch lists.” It is on ours and we will keep you posted. And, as for today, check the list on the first link above to see whether it is usable. It might not be such a bad thing to take a breather for at least one day whether you are protesting or not.