1 Cyber[“security”], Codification, and Personhood: How H.R. 3523 Colonizes Us in the Internet Our legal state within the Internet is in jeopardy. As we speak, politicians, policymakers, scholars, bloggers, and all of us ordinary citizens are involved in a predominately invisible war over what can and cannot be said, what can and cannot be read, and where we can and will go on the Internet. I call this an invisible war because of our inability to articulate how we approach the most fundamental technology in our lives. Everything we do is online. Our identities are composed, mostly in ways we cannot see, on the Internet. And right now, Congress is trying to pass yet another piece of legislation that will define not just how we access the Internet, but how the Internet accesses us: H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA). This bill is yet another form of legislation similar to SOPA, PIPA, ACTA, OPEN, et al. CISPA’s aim is “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes” (112th Congress). Like the bills that have come and failed before it, CISPA serves to appropriate our means of interacting in the Internet. Yet, also like the bills before, it serves to appropriate us through specific and not so specific discursive properties. Reading the legal language in CISPA through the lens of Norman Fairclough’s “Discourse, common sense and ideology” makes visible how this legislation seeks to naturalize, privatize and corporatize our collectively global, interactive identities. Any discourse, by nature, creates its own tensions because of humanity’s inability to establish set meanings for terms. For that reason, we have a public duty to look specifically at legal discourse critically to understand how laws use language to define our lives. Norman Fairclough’s work in critical discourse analysis gives us a great place to begin looking at CISPA. His take on Harold Garfinkel’s analysis of social assumptions as the “common sense world of everyday life” is a beginning: 2 Such assumptions and expectations are implicit, backgrounded, taken for granted, not things that people consciously aware of, rarely explicitly formulated or examined or questioned. The common sense of discourse is a salient part of this picture. And the effectiveness of ideology depends to a considerable degree on it being merged with this common-sense background to discourse and other forms of social action. (77) Taking this initial statement and applying it to the opening declaration in CISPA, Fairclough asks us to question what common sense assumptions are being made in this legislation. For one, CISPA implies that there is a threat to cybersecurity; though we know not what— nor do we get any explicit answer there. CISPA also uses the phrase “intelligence community”, which is a bit misleading. Who makes up this intelligence community? To what “entities” are they referring? I, for one, feel warm and fuzzy; surely, I am intelligent, part of a community, an entity interested in cyber security, and would most definitely want this community to share intelligence with me. But something tells me CISPA might be operating under a few common-senses that actually leave me out of said Intelligence Community. In Section II, CISPA mentions its plan to “[amend] by adding” to “Title XI of the National Security Act of 1947” by incorporating “Sec. 1104. (a) Intelligence Community Sharing of Cyber Threat Intelligence With Private Sector” (112th Congress). We note that CISPA will work off a precedent established many decades ago to further an original legal discourse. The “Declaration of Policy” in the National Security Act details a consensus on defensive strategies as policy among the Navy, Air Force and the Army (“National”). The National Security Act of 1947 defines “Intelligence Community” as follows: (A) The Office of the Director of National Intelligence. (B) The Central Intelligence Agency. (C) The National Security Agency. (D) The Defense 3 Intelligence Agency. (E) The National Geospatial-Intelligence Agency. (F) The National Reconnaissance Office. (G) Other offices within the Department of Defense for the collection of specialized national intelligence through reconnaissance programs. (H) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Federal Bureau of Investigation, and the Department of Energy. (I) The Bureau of Intelligence and Research of the Department of State. (J) The Office of Intelligence and Analysis of the Department of the Treasury. (K) The elements of the Department of Homeland Security concerned with the analysis of intelligence information, including the Office of Intelligence of the Coast Guard. (L) Such other elements of any other department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community. (“National”) The National Security Act labels every major intelligence organization within the government in this definition. During the time, I can see how this sort of truncated explanation would be necessary. Today’s interpretation, however, lends a more interrelated reading. In light of the “National Defense Authorization Act” (NDAA) and the “Domestic Drone Bill”, CISPA permits, in no certain terms, “reconnaissance” into any cybersecurity issue, and that gathered “intelligence” could be used for the detention of individuals without Due Process. Taking the common-sense of the 1947 precedent in light of our contemporary legislature intimates yet an even closer look CISPA’s intentions. The kind of associations I make above are intrinsically part of dissecting common sense and ideology to understand the discursive appropriations at work in CISPA. Fairclough says, “Thus text interpretation is the interpretation of an interpretation. For neither the world nor the 4 text does the interpretation of what is ‘there’ impose itself; both the production and the interpretation of texts are creative, constructive interpretive processes” (80-1). Thus, my connection from CISPA to NDAA and drones is not too far off; interpreting the implications of such invasive legislation is part of critical discourse analysis’s process. Incidentally, CISPA positions a specific person to do analysis of how to best interpret the legislation’s goals: The Director of National Intelligence. CISPA states, “The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence” (112 Congress). My interpretive glance may focus on the verb phrase “establish procedures”, which highlights the emphasis on control granted to one individual. I would go back to that in section (A) of the National Security Act, noting the hierarchical significance in this legislation. Within this section, we are told that the Director can share “intelligence” with “(i) certified entities; or (ii) a person with an appropriate security clearance to receive such cyber threat intelligence” (112 Congress). One person, accordingly, is afforded power over the entire process of information sharing—and gathering (drones and Guantanamo welcome). I draw several further interpretations from this information. We are not immediately told who these additional certified entities are, though we will find this information toward the end of the bill. And a more complicated—frightening—interpretation focuses on those with security clearances. In his article for securityclearances.com, Carlton Purvis analyzes the numbers and positions of those holding Top and/or Secret government security clearances; this number is approximately 854,000 (“Four”). Not so private and secure (though definitely top and secret), I would argue. That number does not lend me a sense of comfort; rather intimates a categorical discrepancy in access to all cyber security information. Furthermore, the fact that this section connects the sharing 5 between the Intelligence Community with the Private Sector as part of the heading, makes this also a matter of privacy. Scholars in the field of technology communications know how to rhetorically interpret these implications, drawing from them similar notions that I am. Nancy K. Baym applies a discursive frame to help me rationalize my discomfort. She says, “Most anxieties around digital media and their historical precursors stem from the fact that these media are interactive. Especially in combination with sparse social cues, interactivity raises issues about the authenticity and well-being of people, interactions, and relationships that use new media” (22). Baym understands that anxiety regarding digital media is an inherently dialectical relationship. Her use of language provides us with an interesting inflection. Because technology is a discourse, it is a socially embedded, thus productive. Any feelings of discomfort derive from these “issues about the authenticity and well-being of people”. “Interactivity” places technological discourse front and center because of its physically discursive identity. As we are online entities, it is critical that we realize how interconnected we are in the Internet. We are so interconnected that any country’s legislation incurs global repercussions. A bill like CISPA seeks to take our authenticity and appropriate it for whatever means the Director and all the authorized personnel permitted determine. Notably, there are two discourses in this bill that infringe upon the ordinary citizen’s rights, affecting any access to the findings or activities of this Community, though the information collected are of their own identities. Under Section 1104, Part 4, CISPA makes specific mention of privacy in critically defining ways. It reads: “NO RIGHT OR BENEFIT- The provision of information to a private sector entity under this subsection shall not create a right or benefit to similar information by such entity or any other private-sector entity” (112 Congress). Specifically, I want to focus on the relationship implied here. There seems to be an implication that the relationship between the 6 Intelligence Community and the “private sector entity” is one-sided; the private sector has “no right or benefit” to whatever this cyber threat intelligence is, but only has access to it. I feel there is more to this. Fairclough points out, “We can think of such struggle as not only in language in the obvious sense that it takes place in discourse and is evidenced in language texts, but also over language. It is over language in the sense that language itself is a stake in social struggle as well as a site of social struggle” (88). His deconstruction of the property of discourse evidences how large of investment we actually have in language as people. Because discourse is our means of articulating who we are and where we are as humans, the construction of ourselves relies upon how we socially construct the use of language—legal discourse being the most socially constructive of discourses. If we are to remember Baym’s emphasis on a given dialectical experience with technology, we connect our social construction of identity to the term of privacy. Incorporating privacy into CISPA problematizes legal discourse through its attempt to appropriate identities of people by mandating a relationship with the private sector. This struggle that Fairclough speaks of leads to looking at the language in this section of CISPA on variant terms. One is that privacy, as a major participant in legal discourse, delineates a history in which people have control over aspects of their lives. Privacy directly relates to how individuals separate themselves from society and in what ways they participate in it publicly. I refer here to discussion of the First Amendment, as referenced in Bowers v. Hardwick. Justice Byron White contends, [Respondent Hardwick] relies on Stanley v. Georgia (1969), where the Court held that the First Amendment prevents conviction for possessing and reading obscene material in the privacy of one’s own home: “If the First Amendment means anything, it means that the State has no business telling a man, sitting alone in his house, what books he may read of what films he may watch.” (SCOTUS) 7 I am pulling from this case with a point in mind. The reference to the First Amendment is powerful; all ‘men’ have a Constitutional right to access information as they please. Within the realm of privacy, the government should not have the ability to interpret this access as it pertains to what one does in one’s home. Considering the nature of the Internet as a highly discursive space, the way we interact with it in the frame of privacy is vastly significant. Our stake, then, is the site of this struggle: the Internet itself. We have a need to determine in what ways our negotiation within the space of the Internet is ours, and what places are not. CISPA does not provide this analysis, but encroaches upon it. My analogy to a very important case regarding the rights of homosexual activity provides me with a turn of analysis. I know that the law only gives the State power to intervene with our First Amendment rights when it is a matter of public interest. However, the language in CISPA emphatically divides the public and private spheres in illegitimate ways. I ask: what happens when we are legally prevented from even asking to partake in the discussion of how we can negotiate in a space that is predominantly, discursively ours? This tells me that CISPA and all other legislation regarding the Internet and privacy are a matter of both public and private interests. In part (b) of Section. 1104, it reads: (3) EXEMPTION FROM LIABILITY – No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, selfprotected entity, cybersecurity provider, or an officer, employee, or agent of a protected entitiy, self-protected entity, or cybersecurity provider acting in good faith— . (112 Congress) Detailed as one of the most implicit uses of legal discourse I have seen throughout this bill, our ability to participate in a discussion with the Intelligence Community over any information seized in whatever manner they decide would be made illegal through CISPA. If this law passes, 8 we will have no legal right to challenge this legislation in a court of law. This begets a realm of tension between insiders and outsiders of what is, by the very nature of the law, an all-inclusive discourse community. Though the insiders granted access to our information via CISPA may have no legal recourse, it does not make it legitimate. In fact, it does quite the opposite. CISPA and other divisive legislation over privacy systemically create a war over language, which is how appropriation of public citizens occurs. The war concerns itself over the most powerfully rhetorical discourse: ideology. Fairclough mentions the aspect of discursive dominance that such legislation would permit: Imagine, for instance, ideology one day apparently coming to have a fixed meaning which one could check up on in ‘the dictionary’, and which was not contested. This could only mean that one ‘side’ in the struggle between meaning systems had gained undisputable dominance. The fixed meaning would in this sense be an effect of power – in fact the sort of ideological effect I have called naturalization. (94-5) According to Fairclough, naturalization occurs when ideology becomes common-sensed. In light of CISPA, we see that the access to undeterminable “cyber security information” lies solely in the hands of the Director of National Intelligence and their Intelligence Community without any ability for the public to question or negotiate how their information is accessed or used. Not only is this a violation of our Constitutional rights, but the purpose of CISPA leads to privatize our very identities. And to what end? How does such naturalization/privatization denote who we are as a discursive community in the Internet? Perhaps it is necessary to first look at what parts of ourselves are in jeopardy within this legislature. Eff put out a short piece on CISPA that led me 9 to write this essay. Rainey Reitman and Lee Tien clearly detail what forms of our information are compromised in this legislation. They argue, Under the proposed legislation, a company that protects itself or other companies against “cybersecurity threats” can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company under threat. But because “us[ing] cybersecurity systems” is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a “cybersecurity threat” would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in “good faith.” (Reitman and Tien) Both Reitman and Tien notice the common-sense at work in CISPA, and they also understand the significance of the ambiguity in this legislation. Without specific definitions of what CISPA will monitor, collect, retain, “use”, our information can (and will) become a tool for a means we are made wholly unaware of, and cannot challenge if we find cause to contend. The commonsense of “good faith” renders this legislation promising—complementary. Nothing could be more discursively inaccurate. The ethical implication of such religious doctrine granted to the insiders of the Intelligence Community relies upon how they view such action. I convene at this time to attend to the primarily restrictive focus of CISPA to highlight how such common-sense action takes naturalization and privatization one step further. There is yet another discourse at work within this legislation that remains highly invisible: corporatization. The Fourteenth Amendment defined that “all persons born or naturalized in the United States” to be “granted citizenship” (“Primary”). However, one crucial piece of legislation altered this unseemingly ambiguous term, person, to mean something many of us had not 10 expected. In a pdf for reclaimdemocracy.org, Doug Hammerstrom explicates the implications of corporate personhood: Corporations, on the other hand, hijacked the Fourteenth Amendment and have used it to consolidate their power in the U.S. and the world. Corporations have gained many of the inalienable rights of humans guaranteed by the Bill of Rights with their status as “persons” under the Fourteenth Amendment. Through their right of free speech they have captured our legislatures and regulatory agencies. They have used the key to the courts that the Fourteenth Amendment provides them to invalidate legislation that might have slipped through their control of the legislative process. (3) Hammerstrom’s emphatic language frames a way of looking at corporate personhood as a discursive force that Fairclough argues dominates the “effect of power.” Because CIPSA permits the relationship between the Director of National Intelligence and a private sector, the privatization of cybersecurity intelligence and information becomes corporate property. What is the big deal: it is only 854,000+ undisclosed individuals having control over our private information as part of an implied economic trade value. The problem with the combination of these legislations must be exposed and made explicitly clear. As Fairclough says, “‘the dictionary’ as the authority on word meaning is very much a product of the process of codification of standard languages and thus closely tied to the notion that words have fixed meanings” (93). The Fourteenth Amendment sought to define what makes a “person” a person, but failed to create a fixed meaning for this term. Once corporate personhood passed, our notions of individual selves became codified with corporate ideology. The denotation of personhood became something negotiable—a realm of discrepancy between insiders who are using the unstable meaning to their own legislative ends. CISPA defines a 11 “certified entity” as one who is “protected” or “self-protected” who is in direct contact with a “cybersecurity provider”, “a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes” (112 Congress). Though our ordinary citizenry are not participants in the discourse of the Intelligence Community, our information—“goods”—become the property meant for trade between one who is certified and protected in obtaining these goods and those who provide the services necessary to obtain them. Codification personified. The overall issue with CISPA leads to contention over Equal Protection. As the clause in the Fourteenth Amendment states that “no person or class of persons shall be denied the same protection of the laws that is enjoyed by other persons or other classes in like circumstances in their lives, liberty, property, and pursuit of happiness”, our inclusion within the Intelligence Community is a right (“Equal”). Without such inclusion, our fundamental access to our rights as public citizens is violated, thus requiring social and legal action from all of us. To outsource our private use of the Internet appropriates us within undetermined means as discursive property—an imposed tautology defined by both the government and private corporations, however they collectively see fit. And we are silenced from even simply having a say in this matter. We are no longer persons, but private property; all ownership of ourselves in the Internet will be taken from us. Circumstantially, this is space for negotiation: “Such struggles are also over boundaries” (Fairclough 101). The boundary between insiders and outsiders will be made broad if CISPA passes. Without an ability to participate in the making and defining of this legislation, the people of this country will lose even more of their already slim Constitutional rights. We need to reappropriate the discourse to combat CISPA in order to protect our identities as public citizens in our democracy. I am inclined to think that this is what those pushing this legislation in Congress want. By controlling the language that defines the Intelligence Community without explicit reference to 12 ordinary citizens, those in Congress seek to make our identities invisible. Like Fairclough, Baym sees this in light of inflectional, tautological terms. She uses a different word with quite similar meaning: “Ultimately, over time, people stop questioning individual technologies. Through a process of domestication, they become taken-for-granted parts of everyday life, no longer seen as agents of change” (24). Say CISPA or any other regulatory legislature on privacy and personhood passes, the language in such legal discourse will set a precedent of definition for individuals as they are participants in the Internet. A highly appropriative influence will set a standard of power between the government and the people. The control over our interaction with each other will become sellable goods to retain as this Community sees fit—in good faith. But they, and we for that matter, are missing something more powerful, more discursive. The information and use of the Internet is not a space that the United States owns. The Internet is a global entity, not to be bought, dissected, or sold in pieces like corporate America and Wall Street do with everything else. The Internet is not a business; it is a living, breathing discourse made up of an interactive and interconnected global community. Nicolas Mendoza’s biophilic article “Metal, code, flesh: Why we need a ‘Rights of the Internet’ declaration” explains the way Congress and other countries view the Internet in Western ideological terms. Mendoza initiates conversation with French President Nicolas Sarkozy’s statement that “‘the internet is the new frontier, a territory to conquer’” (emphasis mine) to expose the notion of colonization (“Metal”). He goes on, “with the decline of state colonialism, capitalist governments and corporations now dream of the internet as the tool for corporate growth through ontological colonialism, free to expand within the mind and the planet, exploiting everyone alike” (“Metal”). Like centuries of history, Western governments are apt to embrace new frontiers on simplistic terms where land must be conquered, saved from savagery by indoctrinating the people, and spreading democracy everywhere. In good faith, of course, 13 because we all know that nothing completely heinous has ever happened in the name of Western colonial ideology—ever. After doing all of this research, I resist the idea that the Internet must be “saved”. This is not to dismiss the truth that real cyber threats exist, nor that we need better security measures in place to prevent viruses and intrusive attacks on ordinary citizens. But I also do not think I would like to sign over my rights to participate in how we can collectively approach ways to protect all of us on the Internet; I do not feel that CISPA or any other secretive and ambiguous legislation will provide the security necessary. What we do need is a different kind of legislation, one Mendoza declares agreement: a Declaration of Internet Rights. Only this is a firmly all-inclusive form of legal action. He says, The inherent diversity of the web, which goes beyond human diversity would therefore require an equally diverse group discussing these rights. Not only the West, and not only the vendors or legislators, but also scientists, programmers, humanists, anthropologists, internet communities themselves, and in general representatives of all human and non-human stakeholders need to come together to draft these rights required for the lasting health of the web. (“Metal”) To have a “Declaration of Internet Rights” is to promote true democracy. Yet, this would demand that we move beyond borders, boundaries, American corporate definitions of “people,” and initiate a global conversation. The Internet is more than a country, more than man; it is the ever-living part of everything we do on Earth. Thus, no piece of legislation can ever fully circumvent an entity that goes beyond legal definition. I say this because no matter the recourse—no matter the law—the Internet is here, and it is alive. The Internet does not live by man-made laws; the Internet makes its own ethics as it goes. 14 15 Works Cited Baym. Nancy K. Personal Connections in the Digital Age. Cambridge, UK: Polity Press, 2010. Print. “Equal Protection.” The Free Dictionary. Farlex, Inc., 2012. Web. 21 Mar. 2012. Fairclough, Norman. “Discourse, common sense and ideology.” Language and Power. London: Longman, 1989. Print. 77-108. Hammerstrom, Doug. “The Hijacking of the Fourteenth Amendment.” ReclaimDemocracy.org 2002. PDF file. Mendoza, Nicolas. “Metal, code, flesh: Why we need a ‘Rights of the Internet’ declaration.” Al Jazeera. Al Jazeera Network, n.d. 15 Feb. 2012. Web. 15 Feb. 2012. “Primary Documents in American History: 14th Amendment in American History.” Library of Congress. The Library of Congress, 13 Apr. 2011. Web. 20 Mar. 2012. Purvis, Carlton. “More Than Four Million Hold U.S. Security Clearances.” Security Management.com Security Management, 2012. Web. 20 Mar. 2012. Reitman, Rainey and Lee Tien. “Rogers’ ‘Cybersecurity’ Bill is Broad Enough to Use Against WikiLeaks and The Pirate Bay.” Eff.org 8 Mar. 2012. Web. 19 Mar. 2012. Supreme Court of the United States. “Bowers v. Hardwick.” Edited for Course Use. (1986) Blackboard. California State University, San Bernardino. Web. 22 Jan. 2012. United States. Security of Defense. “National Security Act of 1947.” intelligence.senate.gov. Congress, 26 July 1947. Web. 20 Mar. 2012. United States. 112th Congress. “Cyber Intelligence Sharing and Protection Act of 2011.” Thomas.loc.gov. Thomas: Library of Congress, 11 Jan. 2012. Web. 19 Mar. 2012.