The thing about promoting security on the Internet is that it, ostensibly, is about protecting individuals from identity theft. Sure, there are other possible harms, such as lost commerce, but the threat of stolen personal information is the primary concern of most folks.
So allowing employers to require their employees to hand over social media passwords would seem, to a reasonable observer, to be the exact opposite of a policy that promotes cybersecurity.
But in the wacky world of the House of Representatives, the majority rejected a proposal that would have barred middle managers from impersonating employees online. Because….
Well, because protecting individuals is hardly the goal of this legislation.
The Cyber Intelligence Sharing and Protection Act, or CISPA, is a broad piece of legislation that claims to improve Internet security by allowing companies to easily share personal information, even if it violates privacy contracts, with other companies and with the government to help investigate and prosecute attacks.
At the outset, the bill is about distributing, rather than protecting, personal information. There are good reasons to allow companies to share intelligence with the government to protect against cyber attacks — to the extent they exist — but the motivation should be protecting the long-term security of personal information from unauthorized folks. But it’s not.
A last-minute amendment put the lie to the narrative that CISPA is all about protecting citizens:
Bad news, Facebook users. U.S. employers may soon be able to require employees to fork over their social media passwords.
A last-minute amendment to the Cyber Intelligence Sharing and Protection Act — known as CISPA — banning such a practice was blocked by members of the U.S. House of Representatives, despite the passage of the broad cybersecurity bill overall.
The provision, proposed by Rep. Ed Perlmutter (D-Co.), was voted down 224-189, with Republicans constituting the majority.
While the amendment would directly protect the personal data of Americans from unnecessary intrusion, it also might annoy the employers who want this bill to protect their websites from outside hacking, while in no way interfering with their ability to hack at the lives of their employees and consumers.
The admission that CISPA supporters are not just disinterested, but openly hostile toward protecting individuals came from the bill’s sponsor:
While Perlmutter warned of breached privacy and the potential to impersonate employees, as U.S. News & World Report notes, CISPA sponsor Rep. Mike Rogers (R-Mich.) called the Democratic congressman’s proposal an attempt to kill the bill.
An “attempt to kill the bill”? Rogers is saying that a provision that would protect employees from intrusion into their social media accounts would go so far as to force CISPA supporters to vote against the measure. He’s saying that such a protection would be so noxious to the needs of the CISPA lobby that it would warrant tossing the baby out with the bathwater. That’s a stunning admission.
In any event, the bill may not make it into law anyway. Last year, the Senate killed a prior version of CISPA by filibustering it to death. The White House has indicated it would veto the bill even if it survived the Senate, and if there’s little indication the Senate will pass the bill, there’s NO indication that enough Senators would support the bill to allow for a veto override.