UPDATE [4/26]

House of Representatives Passes CISPA on a vote of 248 to 168.

Read more about how amendments actually made the bill worse before it was put up for a ‘rush’ vote in this great post on TechDirt.

[Insanity: CISPA Just Got Way Worse, And Then Passed On Rushed Vote]


UPDATE [4/25]

White House takes aim at CISPA with formal veto threat

“In a new statement [on 4/25], the White House’s Office of Management and Budget said that the CISPA bill endangered Americans’ privacy and inappropriately shielded private companies from liability.”

[Read the full article at CNET]

According to a recent article from The Hill, the White House is now resisting certain aspects of the CISPA bill – set to be voted on next week – stating that “cybersecurity legislation should include strong privacy protections and should set mandatory security standards for critical infrastructure systems, such as electrical grids and water supplies.”

Huh? Okay, let’s back up a little.

“CISPA is intended to protect against catastrophic cyberattacks and economic espionage, but the broad definitions of CISPA unfortunately allow for much more.”
– Dan Auerbach and Mark M. Jaycox at EFF

The Cyber Intelligence Sharing and Protection Act is a bill introduced last November by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD). In summary, this bill defines “cyber threat intelligence” and requires the Director of National Intelligence (currently James R. Clapper) not only to set up a system whereby government and private-sector entities share cyber threat intelligence, but also to encourage the sharing of such intelligence. Here are some highlights according to [the many great] postings at EFF (the Electronic Frontier Foundation) about CISPA:

  • It would allow a private company to read your e-mails, without a warrant, and share them with other companies as well as the government. Once they have your information they can basically use it for any purpose they want. (The “broad language” thing again.)
  • It could also allow companies to filter or block internet traffic. According to EFF it “opens the door for ISPs and other companies to perform aggressive countermeasures like dropping or altering packets, so long as this is used as part of a scheme to identify cybersecurity threats. These countermeasures could put free speech in peril, and jeopardize the ordinary functioning of the Internet.”

Critics of CISPA point out that the broad language of the bill allows for sharing of consumers’ personal data between private companies and the government, but does not specify what that data can (or can’t) be used for. Advocates of internet privacy and net neutrality argue that the bill could (and likely would) be used more often to punish those involved in file sharing than to catch foreign spies and hackers. The experts at EFF also point out that if private data were to be misused, recourse might be possible, but unlikely due to the statute of limitations and the effort and cost one would incur trying to get a case of this nature through the courts.

Permission now or forgiveness later?

Interestingly, despite the serious privacy concerns, Facebook (along with more than 800 other companies) came out in support of CISPA legislation, stating that the current lack of information sharing regarding network security threats between government and private companies hinders them from offering better privacy protection to users. In a statement posted April 13, 2012, they emphatically submit, “The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place…” So, while they recognize there are legitimate concerns about privacy, what they’re essentially saying is that what they get out of this bill trumps your right to privacy. Put another way, they’ll promise now that they will in no way infringe upon your right to privacy, but if this bill passes, they’ll turn right around and infringe on your privacy, share your data, and tell you after the fact that they’re sorry – maybe.

CISPA and SOPA, btw, are two entirely different things. Comparisons between the two are either being drawn by the misinformed or in an effort to “wag the dog”… “Squirrel!”