Online piracy eradication efforts spark privacy concerns

Must preventing online piracy and product counterfeiting, and stopping Internet-borne attacks, come at the expense of safeguarding people’s privacy? Recently introduced proposals—ACTA, CISPA, PIPA, SOPA and more—in Europe and North America have offered solutions to the problems of intellectual property theft and nonstop attacks against business networks. But the sheer scale of popular protests against many of these legislative proposals suggests that balancing intellectual property rights and civil liberties won’t be easy. Here’s a look at some of those legislative trends and why they’ve so often triggered privacy concerns.

The stated goal of the House Cyber Intelligence Sharing and Protection Act (CISPA) is to enable U.S. intelligence agencies to share attack signatures with private businesses to help them better spot and block the seemingly unending stream of malware, phishing campaigns and advanced persistent threats now targeting their networks and too often breaking in. While sharing attack data sounds fine in theory, CISPA has raised fears that private businesses might share any data they collected—including employees’ browsing habits and communications—with the Department of Homeland Security (DHS), which could then share it with the National Security Agency. Furthermore, assuming that the attack-signature data is better than what businesses currently have access to, any business that receives the data

for using it. Despite that criticism, CISPA was passed by the House last month and has moved to the Senate, where Sen. Joe Lieberman (I-CT) has introduced the Senate’s version, dubbed the Cybersecurity Sharing Act (CSA) of 2012. But the new bill is already facing CISPA-like criticism. “I have serious concerns about this bill,” says Sen. Al Franken (D-MN) via e-mail. “As written, the legislation moves aside decades of privacy laws to allow companies to freely monitor American citizens’ communications and give their personal information to the federal government—and grants companies near total immunity for doing so.”

While critics of CISPA and CSA say they will result in excessive surveillance of innocent people, many countries are pursuing “surveillance modernization” bills designed for that express purpose. Recently, for example, Britain’s coalition government began floating the

(CCDP), which would allow UK intelligence agencies to keep the e-mail and other communications records of everyone in the country for up to 12 months. Likewise in Canada, Public Safety Minister Vic Toews has been

known as C-30, purportedly to combat child pornography. As currently drafted, the bill says that under “exceptional circumstances…any police officer” could obtain information about a subscriber from a telecommunications provider. But critics have noted that while the bill’s title says it’s meant to combat child pornography, nothing in the bill’s text says how that will happen. Similar legislation in the United States,

, would require service providers to retain a log of subscriber-related information, including credit card data, for at least 12 months. But such mass surveillance could reshape current approaches to law enforcement. “That makes us all a suspect,” says Jim Killock, executive director of the

. “Instead of being under surveillance when there is evidence of wrongdoing, you will be under suspicion by default.” Furthermore, storing all of that information in one place would likely create entirely new security risks. “These databases would also be a new and valuable target for black hat hackers, be they criminals trying to steal identities or foreign governments trying to unmask anonymous dissidents,” according to the

.

Moving into the anti-piracy realm, the purpose of the U.S. House bill titled “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act” (Protect IP Act, or PIPA), in the words of chief sponsor Rep. Lamar Smith (R-TX), was “to enact legislation that protects consumers, businesses and jobs from foreign thieves who steal America’s intellectual property.” The Stop Online Piracy Act (SOPA), authored by Sen. Patrick Leahy (D-VT), pursued a similar goal. The bills, introduced in 2011, would have required service providers to use DNS filtering to forcibly reroute consumers from sites deemed to be violating U.S. copyright law. They also promised legal protections for payment processors who declined to send money to organizations that the U.S. government accused of violating copyrights, whether that involved digital media, counterfeit clothing or generic pharmaceuticals. A number of leading technology voices, however,

, as well as being unworkable and likely costly. “There is ample evidence to suggest that DNS filtering will not be effective against infringement. There are just too many ways for determined seekers and purveyors to get around the blocks,” according to Center for Democracy and Technology (CDT) policy analyst Andrew McDiarmid. To protest SOPA and PIPA, thousands of websites—including Wikipedia—

Soon after, both bills were shelved. But a proposal from Rep. Darrell Issa (R-CA) and Sen. Ron Wyden (D-OR), the bipartisan OPEN Act, pointedly avoids DNS filtering, and could be a way forward. According to the bill’s sponsors, who’ve launched a website aimed at

, it’s designed to address two principles: “First, Americans have a right to benefit from what they’ve created. And second, Americans have a right to an open Internet. Our duty is to protect these rights.” While the EFF called the bill “far from perfect,” it did laud the lawmakers for pursuing “an open process befitting an open Internet” in their drafting of the bill.

Like SOPA and PIPA, the Anti-Counterfeiting Trade Agreement (ACTA) is designed to protect intellectual property rights, including targeting the sale of counterfeit goods and generic medicines. ACTA differs, however, in that it’s an international agreement—provisionally signed by more than 20 EU member states as well as the U.S., Australia, Canada, Japan and other countries. But ACTA critics worry that the international agreement could lead to Internet censorship, and those fears have

that far exceed the scale of U.S. resistance to SOPA and PIPA. “With ACTA, you saw in Berlin the largest demonstrations on a transatlantic issue since the Iraq war—almost 100,000 people,” Tyson Barker, a fellow at the Truman National Security Project, told

. “Poland was the same, as was the Czech Republic. It’s no coincidence that these are the same states that have known dictatorships and the extremes of domestic surveillance.” In other words, ACTA is far from a done deal.

Furthermore, the business and surveillance initiatives may now be heading for a transatlantic showdown. “The debate over privacy, data protection, e-commerce, cybersecurity, and IPR (intellectual property rights) online is going to be a huge fault line between the United States and Europe, and until they get on the same page, they will be vulnerable to divisions by rising players like China and India,” Barker said. Of course, assuming that North America and Europe can reach an agreement on ACTA first assumes that EU states can reach their own agreement. ”It’s like the narcissism of petty differences, but these stances are so culturally embedded that they’re going to be difficult to dislodge or change,” Barker said.