Cyber security is a big and growing problem. Not just hackers trying to get at your hard drive through sneaky emails and other phishing schemes. There are bad guys out there who want to do things like take down the power grid or bring transportation systems to their knees. The threats are real and many.
There is a definite and proper role for strong, coordinated government action to protect the country from cyber-attack, and Congressional legislation on this issue has been inevitable for some time. But who in government should have that responsibility — and the substantial authority that accompanies it — is up for grabs, and a major power play is unfolding.
CISPA, the Cyber Intelligence Sharing and Protection Act, is grabbing headlines of late, but it is just one of multiple related bills currently circulating on Capitol Hill. In April, the House of Representatives approved CISPA by a 248-168 vote, and the bill now is headed to the Senate.
CISPA would allow private corporations to monitor anyone’s email and online activities, and share this information with the government with impunity, as long as they are deemed to have acted in good faith — a subjective metric. The government, in turn, could use information in pretty much any way it wants to, largely without disclosure, all in the interest of preventing a cyber-attack. Preexisting laws would be subordinate to this new act.
Why should professional communicators care if CISPA or another equally stringent piece of legislation is enacted? For the simple reason that it could mean a radically different online world from the open Internet we grew up with; one that, right now, no one really can or does understand.
Social media platforms such as Twitter and Facebook, which didn’t exist five years ago, are now public relations staples. Innovations will take place over the next few years that are likely to rival these in scope and importance; how might CISPA impact their development and adoption?
In addition, a more secretive environment will increase the potential for misinformation and anti-competitive practices. And while service providers would not be forced to share information, voluntary disclosures by well-meaning companies might produce unintended or even unknown consequences.
Finally, what about the line between organizational communications and the individuals responsible for producing them? Will an employee’s professional blog posts, media quotes and other communications be part of a profile that is subject to government surveillance? The fact is, we don’t know what will be defined as intellectual property, free speech or a cyber-threat in a CISPA world, so public relations professionals and other communicators will need to choose their words more carefully than ever.
Organizations today face very real network- and data-protection challenges. Current laws limit their ability to share information related to cyber-attack, and removing some of those barriers certainly will help to address some serious problems affecting our country.
But it’s important to keep in mind that when liberties are taken away, they typically aren’t restored. The public just adjusts … to things such as removing their shoes at the airport.
So whether or not CISPA passes the Senate and is sent to President Obama for his signature, communicators must pay close attention to the shifting legislative landscape, and be ready to adapt their own practices and lead clients into an uncharted territory that may well prove full of land mines.
Kathy Stershic is principal consultant at DIALOG RESEARCH & COMMUNICATIONS, a tech-centric communications consultancy. She just completed a Master of International Policy and Practice degree at George Washington University’s Elliott School of International Affairs, focusing on technology policy.