Facebook says it has 'no intention' to abuse CISPA

Facebook says it has 'no intention' to abuse CISPA

Summary: Facebook says it has no plans to abuse the Cyber Intelligence Sharing and Protection Act (CISPA). Furthermore, the company is working with lawmakers to fix some of CISPA's flaws.


Earlier this week, many pointed out Facebook is supporting the Cyber Intelligence Sharing and Protection Act (CISPA), despite opposing Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA). I asked Facebook for a statement but was declined and was instead pointed to the company's letter of support in regards to the bill.

Today, Facebook released more details about its backing of CISPA. The company underlined the advantages of having such legislation pass, including the fact it lets companies and the government share information with each other about cyber attacks, as well as how this can help protect firms and their users from being victimized by the same attack. Facebook also admitted CISPA has some questionable sections, but said it will not abuse them. Instead, Menlo Park wants these parts changed.

Here's what I said in my previous article:

That's the main point, but CISPA also includes portions about protecting intellectual property, reminding many of SOPA and PIPA. If an IP thief is considered a threat to cyber security, then his website, or where he posted the content, could technically be blocked by CISPA. If a government agency believed you were planning a cyber attack, and were discussing it on Facebook, it could ask the social networking giant for every piece of information about you.

Facebook could, of course, say no. That's important to emphasize. The bill would not force Facebook to hand over all the data it normally does when it legally has to (Here's what Facebook sends the cops in response to a subpoena).

Facebook agrees. Here's the relevant part of the statement saying the company wants to protect its users with CISPA:

Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users' private information, just as we do today.

That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place -- the additional information it would provide us about specific cyber threats to our systems and users.

There's more. Here is what the Electronic Frontier Foundation (EFF) had to say about CISPA:

Under Rep. Mike Rogers' Cyber Intelligence Sharing and Protection Act of 2011 (CISPA),and Sen. John McCain's SECURE IT Act, there are almost no restrictions on what information can be spied upon and how it can be used. That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop "cybersecurity" threats.

Worst of all, the stated definition of "cybersecurity purpose" is so broad that it leaves the door open to censor any speech that a company believes would "degrade the network." Parts of the proposed legislation specifically state that cybersecurity purpose includes protecting against the "theft or misappropriation of private or government information" including "intellectual property." Such sweeping language would give companies and the government new powers to monitor and censor communications for copyright infringement. It could also be a powerful weapon to use against whistleblower websites like WikiLeaks.

Here is how Facebook addresses the EFF's complaints:

The overriding goal of any cybersecurity bill should be to protect the security of networks and private data, and we take any concerns about how legislation might negatively impact Internet users' privacy seriously. As a result, we've been engaging directly with key lawmakers as well as industry and consumer groups about potential changes to the bill to help address privacy concerns.

The bill's sponsors, House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger, have stated publicly that they are working with privacy and civil liberties groups to address legitimate questions and concerns about how information might be shared with the government under the bill. They've made clear that the door is still open to change the bill before it comes to the House floor for consideration.

Let's recap. SOPA and PIPA were about intellectual property, and allowed courts to remove DNS listings for any website hosting pirated content. CISPA is meanwhile about security, and makes it possible for companies to share user information with the U.S. government (and vice versa) if the parties believe it is needed for the greater cyber security good.

That being said, CISPA has loopholes that allow it to be abused, especially when it comes to Intellectual Property and privacy. Facebook says it will not do that, and will instead work on closing these loopholes.

Frankly, I think Facebook should only back CISPA when the bill is in a state worthy of getting support in the first place.

See also:

Topics: Security, Government, Government US, Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion

    Here is an interesting infographic about the CISPA, Internet???s New Enemy - take a look http://www.sociableblog.com/2012/04/12/cispa-sopas-evil-twin-sister/
  • The problem comes in when

    the entire voluntary sharing of information clause becomes contrived. Only certain details may be leaked in order to blackmail someone, and a user would think that information is kept only to themselves and those they explicitly share with, especially out of the hands of political opponents and fraudsters.

    In this case, an information dump to the government would entail them attempting to fine as many people for illegal conduct as possible to embolden their enforcement efforts, unless certain persons are targeted for other dubious reasons. Imagine, being Baker Acted because you posted drunk pics every night of the week for one week.
  • Look at past practice

    Think how this could be "over used" for fishing expeditions.....
  • PMA

    Protecting My Ass ....

    While applaudable the response from FB is, they are one voice in a crowd.
    This is another draft bill with minimal input from the technical folks who understand the internet and nothing in here ensures it cannot be abused. Most big business and government had shown time and again if they could they will.

    Sorry, trust I do not and for good reason.
  • Translation: We are already abusing it

    Anybody really believes a company that a company created to steal personal information and sell it to the highest bidder is going to "not abuse" something they already abuse?
    • Uh oh ...

      I think you hit the nail on the head there. They are already abusing the personal information, so they support this law to cover their ass in the future.
  • About?

    Anyone who watches Congress for even a little while knows that the actual bills are never "about" anything. That's just for talking heads to having something to blab about. Bills are simply collections of rules that will be imposed in exchange for campaign contributions or other direct and indirect bribes. Slap a new name on an old collection of rules, and suddenly it seems to be "about" something. Slap a slick name on a bad collection of rules, and suddenly it, too, seems to be "about" something. Each rule needs to be evaluated line-by-line, to find out what the impact will be, if passed. I'm not the person to do that. But so far, I've seen almost nothing from others that makes CISPA any better for end-users than SOPA/PIPA.
  • What a joke.

    This statement coming from Facebook of all companies, what a joke. Zuckerberg's repeated and consistent violation of privacy is a great track record. Yes, facebook, we really believe you this time.
  • Whew

    I was concerned that they would abuse it, but since they've said they wouldn't, I'm relieved. If you can't trust an invasive, scammy, multi-billion dollar company, who can you trust?