CISPA – sorry, still no cigar. [updates – Ron Paul offers amendments, bill passes, Prez threatens veto]

It seems that, despite the controversy over NDAA and SOPA last year, politicians still aren’t getting it.  From the people who brought you indefinite detention, 30,000 drones flying over America by 2015 and a potential crippling of the Internet by the content creators, now comes CISPA.

CISPA stands for “Cyber Intelligence Sharing and Protection Act”  – H.R 3523, written by Congressman Michael Rogers of Michigan. It is currently sponsored by over 110 congress members including several OC members – Ken Calvert, Darrel Issa and Gary Miller. The bill is designed to make sure that all of the data we send on the Internet from our instant messages and rants on Facebook gets sucked into a giant database for the benefit of the government, as a voluntary arrangement by participating companies.

CISPA was going to have a section on Intellectual Property, but due to the uproar over SOPA, the bill was re-written to address many of the opponents’ concerns.  Still, privacy advocates feel these changes are cosmetic and not substantial enough to end their opposition to the bill.

CISPA allows private companies to share their data in the quest for “cyber security”, but the bill has no transparency in how companies use the public and private data we generate daily. When there are no checks and balances there will always be abuse. Basically, being on the Internet it will now be like getting dressed stark naked with all the windows open.  We are basically trading our liberty for companies’ security, and you and I will be receiving neither.

This legislation may have good intentions, but it overreaches. Congressman Rogers is correct that nations like China are infamous for stealing the intellectual property of United States businesses. The Patriot Act began the era where the government could do warrantless wiretaps;  now we are going to get the same in our Facebook and Twitter feeds. I understand that companies such as Facebook, Google, Intel and Microsoft want to protect their intellectual property from being copied from foreign nations, but end users should not be forfeiting their liberties for these companies’ benefit.

Team CISPA needs to go back to the drawing board and pull their effort for consideration. If we are going to dump millions of gigabytes of data into a giant database to find out where Al Qaeda is going to have their next terrorist attack on our nation, there needs to be some accountability.  If you’ve had enough, call your congressional members today to encourage them to either reject H.R 3523 or pull their support from the legislation!

Update 4/28

First Ron Paul, 4/25:

Ahead of a looming vote in the House, lawmakers on Tuesday proposed four new amendments to the controversial cybersecurity bill known as CISPA. Prominent CISPA critic Rep. Ron Paul (R-TX) will be supporting two of the amendments, according to House staffers.

Paul released a lengthy statement online slamming CISPA, or the Cyber Intelligence Sharing and Protection Act, on Monday, calling it “the latest assault on internet freedom” and an “alarming form of corporatism,” and “Big Brother writ large.”

Paul’s language echoed the criticisms of Web advocacy groups that launched online protests against the bill in early April, arguing that its language was too broad and could result in companies and the government sharing personally identifiable Web user information with each other without proper oversight or legal recourse.

CISPA seeks to allow the government and private companies such as internet service providers and websites like Facebook to share more information related to “cybersecurity threats” with each other than they do currently, in an effort to identify and repel common threats from hackers and malware.

The protests have only intensified in recent days in anticipation of the House vote, which will likely occur Friday, staffers told TPM. No precise date for the vote has yet been set. Even if it does pass the House, the bill will still have to pass the Senate and be signed into law by the president.

But now, staunch critic Paul appears to be ready to support two amendments to the bill, House staffers told TPM.

One of the amendments Paul is ready to support came from his Democratic colleague Rep. Bennie Thompson (MS) on Tuesday. The proposed amendment, which also counts Rep. Justin Amash (R-MI) as a supporter, would add a whole new section to CISPA designed to protect “privacy and civil liberties” of Web users.

Thompson’s amendment seeks to offer Web users protection by making the Secretary of Homeland Security and Director of National Intelligence coordinate with privacy and civil liberties groups develop policies to “minimize the impact on privacy and civil liberties,” and to “reasonably limit the acquisition” and sharing of personally identifiable information. The U.S. Attorney General would then approve these policies.

Another amendment supported by Paul and also proposed by Thompson, seeks to reign in just which agencies and companies can share cyberthreat information, limiting it to only the Department of Homeland Security. The latest version of the bill leaves the door wide open to any intelligence agency to get its hands on the information, referring only to “the Federal Government” writ large (see section (b)(1)(ii)).

The third proposed amendment to CISPA introduced came from by Rep. Dan Lungren (R-CA). It would essentially rewrite the entire bill to make it more like his alternative bill, the PRECISE Act, which was previously supported by the Center for Democracy and Technology, a prominent advocacy group criticizing CISPA.

The final amendment to CISPA proposed on Tuesday came from Rep. Adam Schiff (D-CA). It too seeks to outline protections for Web users’ civil liberties and privacy, by “minimizing the collection of publicly identifiable information,” according to a press release, following along the lines of a Senate bill. Schiff’s bill would also narrow the purposes for which a Federal agency may use cybersecurity information and would adopt more specific definitions for cybersecurity threats and information, something the bills critics have also cited as problematic.

Still, even before the amendments, CISPA already enjoyed wide bipartisan support in Congress and from the private sector. The bill’s sponsor, Rep. Mike Rogers (R-MI) told TPM in an interview that he was “confident” it would pass this week.

Correction: This article originally incorrectly stated Rep. Paul’s position as being “ready to support the bill.” In fact, Paul currently supports certain amendments cited, not necessarily final passage. We have since corrected the error in copy and regret it.

From yesterday:

The House Passes CISPA With New Amendments Expanding Power and Squashing Online Privacy

Yesterday, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA).  President Barack Obama had threatened to veto the bill, which poses a great threat to internet privacy.  From the New York Times:

The vote was 248 to 168, as 42 Democrats joined 206 Republicans in backing the bill. The “no” votes were cast by 140 Democrats and 28 Republicans, including a number who described the measure as a potential threat to privacy and civil liberties.

Under the bill, the federal government can share classified information with private companies to help them protect their computer networks. Companies, in turn, could voluntarily share information about cyberthreats with the government and would generally be protected against lawsuits for doing so if they acted in good faith.

The vote followed a debate on amendments, many of which passed and expand government power.  From Tech Dirt:

CISPA allowed the government to use information for “cybersecurity” or “national security” purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.

Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a “cybersecurity crime”. Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government’s power.

Read more about the bill here.

Remember a few months ago, the NDAA, when we lit up the White House switchboards?  Stand by, we’ll do it again.  –  V


About Matt Munson