‘We’ll protect your private data’: CISPA-embracing Facebook tries to calm users’ fears
In a blog post on Friday, Joel Kaplan, vice president of US public policy at Facebook, argued that if enacted into law, the bill would “give companies like ours the tools we need to protect our systems and the security of our users’ information, while also providing those users confidence that adequate privacy safeguards are in place.”
He stressed that sharing of data on the part of companies would not be compulsory and pledged that Facebook has no intention to disclose sensitive user data to the US government.
Earlier Kaplan praised the bill in a letter to Michael Rogers, chairman of the House Intelligence committee, saying that it “removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users.”
The Cyber Intelligence Sharing and Protection Act (CISPA) would facilitate sharing of data between governmental agencies and private companies over cybersecurity threats.
A number of online privacy groups criticized the bill scheduled for a US House of Representatives vote on April 23 over potential abuse.
They complained over the bill’s overtly broad definition of cyberattack, which includes intellectual property theft. It also does not require that user data shared with the government is anonomyzed and lacks any mechanism for public control over the flow of information.
The fear is that under the pretext of defending the public from cybercrime, companies will be able to censor the internet and violate user privacy.
Facebook’s pledge not to abuse the grey zones of the bill may be of some comfort to its 845 million users, but it is hardly in a position to speak for every company doing business online.
The criticism of CISPA resembles the wave of protests against the SOPA/PIPA intellectual property protection bills. They would have given copyright holder immense power to prosecute infringing websites and would effectively make any user content-oriented online business model impossible. The opposition managed to kill the bills.
Meanwhile, the House Intelligence Committee has published a new draft of CISPA, which includes several amendments and significant additions that slightly narrow down the definition of a cyberattack. The term "intellectual property" was excluded from the definition, which now clearly refers to an “unauthorized network access,” leaving less room for misinterpretation. At the same time, a new section of the bill effectively gives a company that shares data with the governmental agencies immunity from prosecution, because it will be almost impossible to prove intentional privacy violation.