Dear Senators Coats and Donnelly,
Among all of the other pieces of news dropping recently regarding the fair city of Washington, D.C., one that has recently re-reared its ugly head is the specter of the Cyber Intelligence Sharing and Protection Act (CISPA). While the Senate, long identified as functioning as the more deliberative house of Congress, declined to take up the House’s bill earlier this year, I have seen multiple references to a quiet approach being undertaken in the Senate to draft a nearly-twin bill to CISPA. (NSA Head: We Need CISPA ; Senate Working on Counterpart to Cyber-security Bill).
The National Security Agency, through General Keith Alexander, has indicated that the cooperation of private corporations with the government regarding private citizens’ data is paramount to protect the United States from ‘cyber attacks.’ At least with regards to CISPA, one of its core functions was to provide civil and criminal immunity for data service providers (whether Google or TimeWarner) when they shared private U.S. citizens’ data with the National Security Agency in the name of national security as an exception to the warrant clause.
While there are a variety of exceptions to the warrant clause (and, indeed, the Fourth Amendment in general), I find myself compelled to object strongly to General Alexander (and your colleague, Senator Feinstein‘s) argument that in order to protect the safety of U.S. citizens, corporations who have been entrusted with our data (and, I assume, the U.S. government) be rendered immune to suit from private citizens.
Please Stop Looking Over My Shoulder
This data, which, as opposed to airplane travel, is not an elective – it is a necessity for modern life and one that has been properly left to the private sector to develop. However, because of that development, the government has, at least in the NSA’s eyes, created a situation in which it may ignore the protections of the Fourth Amendment solely because the parties transmitting the information are private. In some analogies, this is convincing. However, when you consider some of the data that travels, which the NSA wants access to sans warrant, the Handed-Off-to-a-Private-Third-Party argument gets wobbly; the difference between handwritten communications (your bank statement, love letters, planning protests) and electronic ones has ultimately become one of display – that’s it. However, as far as I know it, no one in either house of Congress nor the Executive branch has suggested warrantless searches of physical communications, like letters.
Secondly, and perhaps more practically, the NSA’s argument that CISPA (or its newer, Senatorial version) is a requirement seems a clear end-around the judicial system. Although I admit that I am somewhat skeptical of a secret court, I will, for the sake of argument accept that the FISA court is a necessary instrument. With that admission comes the conclusion that IF we must have a Top Secret court with members on call at all hours to sign off on warrants related to national security, we must use it. Even the NSA. The arguments against the FISA court, particularly considering their 24-hour availability, consistently strike me as completely nonsensical. They are a top-secret court whose sole purpose is to review probable cause affidavits and issue warrants on matters of national security.
Power Corrupts. Absolute power is actually kind of neat.
To give the NSA (or any entity) the ability to freely access all of our data, individually and collectively, without a neutral magistrate acting as a gatekeeper to balance individual privacy versus national security, undercuts one of the basic premises of the Union: without the review of a judge, who issues a warrant, the government’s authority to figure out what’s going on in my life ends when my front door closes.*
While email and, to some extent, chat messages and texts equate well to traditional mail (or other obscuring packages, regardless of whether they are a knotted scarf or locked attache case), there are plenty of other electronic communications who share few, if any, characteristics with old-fashioned postal communications beyond the sender and recipient having a subjective expectation of privacy and an society who objectively views that expectation as reasonable, yet the degree of privacy contained in those communications is equally of deserving of protection.
As I’m sure you both know, both Microsoft and Sony are releasing new video game consoles this year. Both systems will have high-definition capable cameras and sensitive microphones intended for both in-game communication and directing the hardware consoles to undertake different actions (only Microsoft will be bundling their camera with every console). At least under CISPA, the NSA or other agency, could, without a warrant, compel Microsoft or Sony to allow access to these camera/microphones while people are playing the games and chatting with their friends. Further, and much more disturbingly, such compulsion could also occur when the system is not in use. Microsoft’s console is designed to exist in an “always on” state. While the company has made multiple reassurances that the Kinect system would not be recording or otherwise active, I find it difficult to believe that given time and its black budget, the NSA could easily bypass that lockout. While I am certain that the great majority of individuals employed at the NSA care deeply about their country and have a strong sense of ethics, the potential for abuse in this circumstance is absurdly high. Or, in other terms: “Trust us, we’re the Government and we’re here to help.” No, thanks.
Console-makers and potential for abuse is not solely one of spying on citizens with their video games, either. In leaving in back doors, providing access to accounts bound by privity of contract between the end-user and the company providing the services (in this case, Microsoft and Sony; in others, Steam, Nintendo, or even Amazon) could result in a breach of contract by the console makers / vendors for violating confidentiality terms. I think that an argument could be made that the U.S. Government would be tortiously interfering in contractual obligations, which I can only assume is one reason for the proposed immunity. Thing is – no one contracted with the NSA – they’re not a party to the agreement between Nintendo and Justin. These End User License Agreements do have an exception built into them already: they’ll comply with a court order.
In other words, General Alexander’s statement is faulty. The NSA doesn’t need CISPA or a rebranded counterpart. Everybody’s EULA, whether Google or Microsoft, has exceptions for when they’re served with a warrant. Even a fairly secret warrant from the FISA court. The only reason the NSA ‘needs’ the immunity clause is so that it can skip judicial review and avoid having to bear the burden of providing a court with articulable reasons that the court should ignore the protections offered to the individual in favor of expediency. Considering the proposed plans exposed by the Guardian, one can only assume that with this power, the NSA would not just be gathering one individuals information, but, as they say on the internet, ALL THE INFORMATION! Frankly, my boss doesn’t need to know how much time I spend playing Xbox…and neither does the federal government. Not without a warrant, anyway.
In addition to urging your opposition to further legislation of this type, I respectfully request that you respond and elaborate your positions on this matter.
Mail This – Being motivated enough to write a letter is one thing, but being motivated to write a fake letter is an entirely different matter. Someone in the gaming industry needs to hear about this.
*This is where the real letter I wrote to the Senators ended – they’re both really busy guys and I think I elaborated my objections well enough. If you want to write your Senators and copy from me, feel free to plagarize on this one. You can find your senators’ contact information here