Skip to Content

Government Surveillance

Continuous Monitoring, Big Data, and Concerns with CISPA

/ Greg Nojeim

Why is CDT opposed to a House bill intended to promote sharing of information about cyberthreats? And why do we prefer a Senate proposal on information sharing?

The reasons for our opposition to the Cyber Intelligence Sharing and Protection Act (CISPA) are well-illustrated by this opening sentence from an article yesterday in Government Computer News:

Continuous monitoring is the order of the day for federal IT systems, and automated tools are generating more data about the status and behavior of agency networks. The next challenge, analysts, vendors and government officials say, is making use of all that data.

Delete reference to “federal” IT systems and “agency” networks and you understand the scope of our concern: Continuous monitoring is the order of the day for all information systems, including major ISPs and other service providers. Continuous monitoring is generating huge amounts of data about behavior of all networks and about the behavior of users of all networks.

CISPA would allow automated monitoring of data on private networks to flow directly to the National Security Agency, a super-secret military agency, and it would allow the use of that information for any national security purpose, including purposes unrelated to cybersecurity. The Senate bill, by contrast, would feed private sector data to the civilian Department of Homeland Security, which is more subject to public accountability, and it would not allow use of cyber-monitoring information for unrelated national security purposes.

The ongoing developments in big data analysis developments in which the NSA is surely a leader will make it increasingly possible to analyze network data to generate a wide range of inferences and other knowledge.  Having that power in the hands of private network operators, and in the hands of the government monitoring its own networks, is risky enough.  But feeding the huge flows of data generated by continuous monitoring into a military agency, where it could be used not only for cybersecurity but for any national security purpose, could result in a major shift in power that is incompatible with a democratic system.

That is just one reason why we oppose CISPA.

Related Reading

The CDT logo. A dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

CDT Europe’s AI Bulletin: April 2024
SAFE Act Q&A. White document on black background.

CDT Joins Others in Publishing Q&A about the Security and Freedom Enhancing (SAFE) Act of 2024
Coalition letter. White document on black background.

CDT Joins Brennan Center & Others in Letter Urging Congress to Protect Protesters by Supporting Critical Reforms to Section 702 of FISA