Cyber[“security”], Codification, and Personhood: How H.R. 3523 Colonizes Us in the Internet Our legal state within the Internet is in jeopardy. As we speak, politicians, policymakers, scholars, bloggers, and all of us ordinary citizens are involved in a predominately invisible war over what can and cannot be said, what can and cannot be read, and where we can and will go on the Internet. I call this an invisible war because of our inability to articulate how we approach the most fundamental technology in our lives. Everything we do is online. Our identities are composed, mostly in ways we cannot see, on the Internet. And right now, Congress is trying to pass yet another piece of legislation that will define not just how we access the Internet, but how the Internet accesses us: H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA). This bill is yet another form of legislation similar to SOPA, PIPA, ACTA, OPEN, et al. CISPA’s aim is “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes” (112th Congress). Like the bills that have come and failed before it, CISPA serves to appropriate our means of interacting in the Internet. Yet, also like the bills before, it serves to appropriate us through specific and not so specific discursive properties. Reading the legal language in CISPA through the lens of Norman Fairclough’s “Discourse, common sense and ideology” makes visible how this legislation seeks to naturalize, privatize and corporatize our collectively global, interactive identities.
Any discourse, by nature, creates its own tensions because of humanity’s inability to establish set meanings for terms. For that reason, we have a public duty to look specifically at legal discourse critically to understand how laws use language to define our lives. Norman Fairclough’s work in critical discourse analysis gives us a great place to begin looking at CISPA. His take on Harold Garfinkel’s analysis of social assumptions as the “common sense world of everyday life” is a beginning:
Such assumptions and expectations are implicit, backgrounded, taken for granted, not things that people consciously aware of, rarely explicitly formulated or examined or questioned. The common sense of discourse is a salient part of this picture. And the effectiveness of ideology depends to a considerable degree on it being merged with this common-sense background to discourse and other forms of social action. (77)
Taking this initial statement and applying it to the opening declaration in CISPA, Fairclough asks us to question what common sense assumptions are being made in this legislation. For one, CISPA implies that there is a threat to cybersecurity; though we know not what— nor do we get any explicit answer there. CISPA also uses the phrase “intelligence community”, which is a bit misleading. Who makes up this intelligence community? To what “entities” are they referring? I, for one, feel warm and fuzzy; surely, I am intelligent, part of a community, an entity interested in cyber security, and would most definitely want this community to share intelligence with me. But something tells me CISPA might be operating under a few common-senses that actually leave me out of said Intelligence Community. In Section II, CISPA mentions its plan to “[amend] by adding” to “Title XI of the National Security Act of 1947” by incorporating “Sec. 1104. (a) Intelligence Community Sharing of Cyber Threat Intelligence With Private Sector” (112th Congress). We note that CISPA will work off a precedent established many decades ago to further an original legal discourse. The “Declaration of Policy” in the National Security Act details a consensus on defensive strategies as policy among the Navy, Air Force and the Army (“National”). The National Security Act of 1947 defines “Intelligence Community” as follows:
(A) The Office of the