CISPA: Der US-Nachfolger von SOPA und PIPA

Zwei Monate nach den gescheiterten Versuchen, mit SoPA und PIPA in den USA drakonische und unverhältnismäßige Maßnahmen zur Durchsetzung von Urheberrechten einzuführen, ist bereits der nächste Versuch auf dem Weg: Der Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) hat bereits ein fünftel der Kongressabgeordneten hinter sich versammelt. Das Ziel des Gesetzesentwurfs ist die Bekämpfung von Online-Kriminalität. Mit dabei sind selbstverständlich so vage Formulierungen, die zu Maßnahmen wie eine verstärkte Echtzeit-Onlineüberwachung und natürlich wieder Netzsperren führen können. Das kennt man ja schon aus ACTA. Bei CISPA kann das klassische Online-Kriminalität betreffen, wie der Name verspricht, aber Kritiker gehen davon aus, dass auch schon einfache Urheberrechtsverletzungen und natürlich Webseiten wie Wikileaks oder ThePirateBay gemeint sind, wie die EFF schon vor einem Monat berichtete: Rogers’ “Cybersecurity” Bill Is Broad Enough to Use Against WikiLeaks and The Pirate Bay.

CISPA allows companies or the government1 free rein to bypass existing laws in order to monitor communications, filter content, or potentially even shut down access to online services for “cybersecurity purposes.” Companies are encouraged to share data with the government and with one another, and the government can share data in return. The idea is to facilitate detection of and defense against a serious cyber threat, but the definitions in the bill go well beyond that. The language is so broad it could be used as a blunt instrument to attack websites like The Pirate Bay or WikiLeaks.

Ein gefährliches Element ist das Angebot an private Unternehmen, dass sie von einer Haftung ausgeschlossen werden, sofern sie umfänglich mit der Regierung kooperieren, wie Digitaltrends.com berichtet: Watch out, Washington: CISPA replaces SOPA as Internet’s Enemy No. 1.

The bill defines “cyber threat intelligence” as any information pertaining to vulnerabilities of, or threats to, networks or systems owned and operated by the U.S. government, or U.S. companies; or efforts to “degrade, disrupt, or destroy” such systems or networks; or the theft or “misappropriation” of any private or government information, including intellectual property. CISPA also removes any liability from private companies who collect and share qualified information with the federal government, or with each other. Finally, it directs the Privacy and Civil Liberties Oversight Board to conduct annual reviews of the sharing and use of the collected information by the U.S. government.

Das Center for Democracy and Technology (cdt) sieht vor allem vier Kritikpunkte: Cyber Intelligence Bill Threatens Privacy and Civilian Control.

The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;
The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;
It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;
Once the information is shared with the government, it wouldn’t have to be used for cybesecurity, but could instead be used for any purpose that is not specifically prohibited.

Mittlerweile ist die Mobilisierung gegen das Gesetzesvorhaben fortgeschritten. Die internationale Sektion von Reporter ohne Grenzen kommentierte gestern: Draconian cyber security bill could lead to Internet surveillance and censorship.

“A blanket monitoring system is never an appropriate solution, nor is blocking or censoring websites that disclose information that is classified but of public interest. Reporters Without Borders opposes CISPA and ask Congress to reject this legislation. […] The bill would allow companies protecting themselves “to use cyber security systems to identify and obtain cyber threat information”. Such vaguely defined systems could also mean monitoring, blocking or filtering systems. The definition of potential threats is even broader. It targets ‘‘efforts to degrade, disrupt, or destroy” a system or network, the “theft or misappropriation of private or government information, intellectual property, or personally identifiable information”.

Es gibt auch wieder eine Petition von Avaaz zum Thema.

Und Mashable hat ein Interview mit Lawrence Lessig zu aktuellen Entwicklungen und auch ACTA gemacht: SOPA 2.0: Why the Fight for Internet Freedom Is Far From Over.

Why haven’t we seen anti-ACTA protests in the U.S. the way we see them in Europe and how we saw them here with SOPA?

We’re kind of out of sequence because the policy steps necessary to get the U.S. to sign on have already been taken. We could get a bill to withdraw, but that’s a harder fight.

What do you think of the President Obama’s decision to label ACTA an “executive agreement,” allowing him to sign ACTA without Congressional approval?

I think it’s unconstitutional. Jack Goldsmith and I wrote a piece that mapped out why it’s unconstitutional. We hope we get the chance to test that.

18 Kommentare
    • jj preston 7. Apr 2012 @ 19:33
Unterstütze unsere Recherchen und Berichterstattung für Grundrechte und ein freies Internet durch eine Spende. Spenden