Inside Story America

Is your online personal data up for sale?

As Facebook prepares to float, we ask how worried we should be about companies and governments accessing our data.

Facebook is likely to smash Wall Street records when it floats on the NASDAQ stock exchange this week.

But in an age when we increasingly live our lives online, how worried should we be about what companies and governments do with our personal data?

When Facebook begins issuing shares on Friday, it is expected that the company will be valued at $100bn, three times the GDP of Kenya – a remarkable rise for a company that was started in a Harvard dorm room.

A lot of people think that information-sharing with the government with the right privacy safeguards in place is something that could be beneficial. The problem comes in when you have it going to a military agency like the NSA.”

– Mark Stanley from the Center for Democracy and Technology

The company, started eight years ago by Mark Zuckerberg, has raised share prices and the number of shares available on the IPO, making it the third-largest initial share sale in the US. It claims to have made $3.7bn in revenue in 2011.

The site has 900 million users who post photos, connect with friends and share information about their lives. As a result, the company holds vast amounts of information about its users, and that has led to widespread debate about the privacy of our personal information.

According to a recent poll, more than 40 per cent of Americans log on to Facebook at least once a week; about 59 per cent do not trust Facebook to keep personal information private; some 54 per cent do not feel safe purchasing goods or services through the site; and 83 per cent of those surveyed said they never or hardly ever click on sponsored ads on their Facebook pages.

But less widespread has been the debate about the Cyber Intelligence and Sharing Protection Act (CISPA), which has a far greater potential to open up our lives to corporations and government agencies.

The stated aim of the law is to help the US government investigate cyber threats and protect the security of networks against attack.

The bill allows content including in emails and text messages to be passed unredacted to the government and there’s no obligation for companies to remove the personal information of individuals who aren’t implicated in the cybersecurity threat …. It is, frankly, a surveillance bill.”

– Rainey Reitman, the activism director for the Electronic Frontier Foundation

The giants of the technology world, including Intel, Facebook and Verizon are in favour of the bill. But civil liberties advocates argue that it will give the federal government unprecedented powers to access the data of ordinary Americans.

Mike Rogers, the Republican chair of the Congressional Intelligence Committee, dismissed concerns about the bill, saying: “We’ve taken a year to forge this bipartisan effort to get where we believe privacy is protected …that our civil liberties are protected, but we at least take down the hurdle to share nasty source-code or software that’s flying through the internet, that’s developed and it’s very sophisticated, by the Chinese and the Russians and the Iranians and other groups and non-nation state actors that are going to steal your personal information.”

The bill has already passed the House of Representatives and will head to the Senate though Barack Obama, the US president, has vowed to veto it.

When it passed, several amendments were tacked-on in an attempt to alleviate privacy concerns, mandating that information gathered can only be used for cybersecurity, investigation and prosecution, protection from death or injury, protection of minors from physical and psychological harm and protection of US national security.
So, are the concerns over the CISPA bill justified?

Joining presenter Shihab Rattansi to discuss this on Inside Story Americas are: Mark Stanley from the Center for Democracy and Technology; Kashmir Hill, who writes about privacy and technology for Forbes magazine; and Rainey Reitman, the activism director for the Electronic Frontier Foundation.

Advocates of the Cyber Intelligence Sharing and Protection Act, passed by the US House of Representatives in late April, say it will protect the US from cyber threats by making it easier for private companies to share information with the federal government.

  • It allows private companies to share user data with the government
  • It allows internet service providers to provide data without a search warrant
  • It gives private entities surveillance authority
  • Its supporters say it cracks down on hacking and foreign spying
  • Its critics say it does not have enough privacy protection, provides no legal recourse in case of abuse of privacy
Excerpts from letters of support for the CISPA bill:

From Facebook – “Effective security requires private and public sector cooperation, and successful cooperation necessitates information sharing. Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and help provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users. Through timely sharing of threat information, both public and private entities will be able to more effectively combat malicious activity in cyberspace and protect consumers.”

From the US Chamber of Commerce – “This bill would address the needs of companies to receive timely and actionable information from government partners to protect their computer networks and those of their customers. It would knock down policy and legal barriers that have limited the healthy sharing of cyber threat information between and among elements of the public and private sectors.”