Now Is The Time To Improve CISPA Before Friday's Vote By Pushing These Critical Amendments

from the last-minute-push dept

Update: The White House has now officially threatened to veto CISPA.

In Congress, this week is CISPA week. With the bill going up for debate tomorrow, and the final vote scheduled for Friday, it's clear that the voice of the internet community has had an impact. The reps have been proposing their final amendments, and all are clear attempts to address some of the biggest criticisms from civil liberties groups and the public. CISPA has strong bi-partisan support and a very good chance of passing—and unfortunately, it's still a highly problematic bill. But, while the proposed amendments cannot perfect it, some of them could certainly reduce its potential for abuse in significant ways. If you're looking for a practical way to fight back against the serious privacy violation that CISPA represents in these final days before its potential passage, encouraging your representative to support these amendments is a good place to start.

There are two in particular that, though simple, would make drastic improvements on CISPA by refocusing it on network security and minimizing the chance of shared data being used to go after individuals. An amendment from Rep. Barton (pdf and embedded below) would insert the sensible requirement that shared data will only include personal information (further defined to include the content of any communications and even IP addresses) if it is necessary to combat a specific cyber attack. Another, even better amendment from Rep. Akin (pdf and embedded below) goes a step further and would bring CISPA back in line with the fourth amendment by barring the sharing of any personally identifiable information without a warrant. Of course, it's annoying that such an amendment is necessary—but the whole point of CISPA is to route around well-established requirements like going to a judge before violating someone's privacy. Though the bill still creates all sorts of potential privacy problems, the Akin amendment fixes a big one.

Rep. Thompson has also proposed an amendment (embedded below) that is supposed to address privacy concerns, and TPM reports that it is being backed by Ron Paul, who got attention earlier this week with a strong condemnation of CISPA. However, the Thompson amendment seems to lack teeth: it has a lot of talk about "minimizing" the impact on privacy and making "reasonable efforts" to remove personal information, and graciously offers to consult with "civil liberties stakeholders" (wouldn't that be everybody?), but it sets down no firm requirements or limitations. Despite being a fraction of the length, both the Akin and Barton amendments would do far more to fix CISPA, because they clearly prohibit certain activities.

Thompson's other proposed amendment (embedded below), however, is very good: it would limit the government recipients of the data from the overly broad "Federal Government" in the current bill to just Homeland Security and other civilian agencies. This addresses the significant fear that the NSA could use CISPA to expand their already-aggressive data collection programs. While civilian agencies and the DHS especially are hardly perfect, this would still be a lot better than handing data collected under CISPA over to the intelligence community.

There are other amendments on the table too, but these are some of the ones that get directly to the core privacy issues that make CISPA so dangerous. The CDT has a post taking a look at others. Ultimately the best solution would be to toss the bill out and start again, drafting sensible cybersecurity legislation that is evidence-based (starting with an evaluation of whether or not its even needed), and since Friday's vote is still not guaranteed there's no reason to stop speaking out against CISPA as a whole. But it's also a good idea to ensure that the bill is as good as it can possibly be when it goes up for vote, by pressuring Congress to adopt these critical amendments.







Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cispa, congress, dhs, fourth amendment, nsa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 25 Apr 2012 @ 10:42am

    I'm looking at Bartons and...

    I can't conceive of why financial account passwords would be needed to thwart a cyber-security threat?
    I can see forwarding transaction history, or working with a financial provider to freeze an account - but I can't see where it would be appropriate for law enforcement to access an account directly.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2012 @ 10:46am

      Re: I'm looking at Bartons and...

      Barton's also left a huge loophole at the end:

      Any other similar personal content that the Director of National Intelligence determines is appropriate to be considered personal information.

      link to this | view in chronology ]

      • icon
        :Lobo Santo (profile), 25 Apr 2012 @ 10:48am

        Re: Re: I'm looking at Bartons and...

        You see, if there's too much money in the suspects account, they can remove some electronically prior to arrest and trial...

        link to this | view in chronology ]

        • icon
          ltlw0lf (profile), 25 Apr 2012 @ 11:28am

          Re: Re: Re: I'm looking at Bartons and...

          You see, if there's too much money in the suspects account, they can remove some electronically prior to arrest and trial...

          Law enforcement is expensive, as is the court system. They are just recouping their costs ahead of time. Its cheaper than arresting them, holding them and their accounts hostages, then having both disappear into the system never to be heard from again. Just wait until they codify capital punishment for companies and people they don't like and things will get much easier for them.

          link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 25 Apr 2012 @ 10:48am

    CISPA isn't fixable

    No amendment or collection of amendments can fix this, any more than any set of modifications could turn a 1974 Ford Pinto into a Formula 1 race car. The problem is that the entire philosophy behind the bill is wrong. (Okay, that's not the only problem, but it's the fundamental one.)

    And the philosophy is wrong because the authors didn't bother to talk to any of us who've actually been doing this stuff for a long time. They didn't bother to learn. They didn't both to hear about things that work and things that we're pretty sure are never going to work. They didn't talk to Ranum and Bellovin and Spafford and Cheswick and Schneier and Felten and Halderman and Weinstein and Neumann and Edelman and Crocker and Lewis and Forno and and and...

    If they had, and if they'd listened, then maybe they'd realize that the entire approach they've taken is not only ill-advised and fraught with extremely serious privacy issues, but its most likely outcome is to make things much worse.

    But as it stands, they're meddling in things that they don't understand, at the behest of the OMG!OMG!CYBERWAR cheerleaders and with the backing of all the ersatz security companies ready to sell horribly overpriced snake-oil. This won't end well.

    link to this | view in chronology ]

    • icon
      gorehound (profile), 25 Apr 2012 @ 11:15am

      Re: CISPA isn't fixable

      +1
      In other words these people do not really care and they are putting on a little show to gain some public favor.
      I will Vote against anyone who supports this Bill and says YES to it.
      CISPA & their other pitiful attempts wit the Internet which are coming after this one are all written by those who have very little Technical Knowledge at all.
      But they will give out jobs to those who Lobbied them with the Big Bucks and the 99.9999999999999% of the rest of us will not be one bit happy at all at the Results.Things will be worse not better.
      DUH !

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2012 @ 11:54am

      Re: CISPA isn't fixable FTFY

      This won't end well for the non snake-oil salesmen.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 10:51am

    Thompson's

    I had to laugh when I read Thompson's that says that DHS should be in charge of making sure that the privacy impact is minimized.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 11:06am

    Why fix it at all. Lets stop it dead and leave it in a gutter somewhere.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 11:16am

    "Fixing"

    They will not fix anything. We are talking about Congress here. Silicon Valley is ignoring the people on this one. You can't fix it. You can only kill it. The people have to speak out or else they will "fix" it, and the bill will still act as it is designed too.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 11:25am

    Reading politico I get a strong feeling that the House's Friday vote on this has little to do with cyber security, and more to do with attempting to make Obama and senate democrats look bad by daring them not to pass a bill designed to defend America against something. That way if there's a cyber attack between now and election day house republicans and Romney can blame Obama & democrats for not taking cyber security seriously enough.

    And this my friends is the worst way to write legislation. remember the PATRIOT act, rushed through to defend us from evil terrorists who caused 9/11 by a 99 to 1 vote in the senate? Yeah, turned out to not be such a good idea to lots of people once they learned about it's violations of American's privacy.

    And then there was the Wall Street bailout, passed a few months before the 2008 election, with strong bipartisan support, including both presidential candidates. Because we HAD to do something, and giving hundreds of billions of dollars to the very people who caused the big economic mess seemed like the best idea that both parties could agree to. Yet studies showed spending that kind of money on ANYTHING would have had mostly the same effect at helping the economy.

    link to this | view in chronology ]

    • identicon
      Candid Centrist, 25 Apr 2012 @ 6:26pm

      Re: Anonymous Coward, Apr 25th, 2012 @ 11:25am

      You have it all backwards. Obama knows that Congress will veto his veto, just as they did with NDAA 2012. He's just trying to win the minds of voters by "opposing" this heinous Bill.

      We'll never know if he's a fan if it, but considering he updated NDRP and H.R. 347 all on his own, I think he's a fan of anything of the statist agenda.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 25 Apr 2012 @ 12:08pm

    LOL! Mike has B-teamer Leigh trying to rally the troops. If Mike really thought Techdirt could sway anything here, he'd be leading the charge himself so as not to miss out in the glory. Instead, he's got some idiotic Canadian leading the charge for against U.S. legislation. Worry about your own stupid fucking country, Leigh. You guys are such fucking huge jokes.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 12:16pm

    "Now Is The Time To Improve CISPA Before Friday's Vote By Pushing These Critical Amendments"

    and why should this bill even pass?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2012 @ 12:33pm

      Re:

      Read the last paragraph of the article again:
      Ultimately the best solution would be to toss the bill out and start again, drafting sensible cybersecurity legislation that is evidence-based (starting with an evaluation of whether or not its even needed), and since Friday's vote is still not guaranteed there's no reason to stop speaking out against CISPA as a whole. But it's also a good idea to ensure that the bill is as good as it can possibly be when it goes up for vote, by pressuring Congress to adopt these critical amendments.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 1:49pm

    Apparently I don't understand the legislative process. When a bill is being drafted, isn't there a legal staff available to advise on the ecosystem in which the bill will operate? In CISPA's case, that means the Wiretap Act, the Electronic Communications Privacy Act, etc. I can only conclude that 1) no such advisory process exists, 2) the process was skipped, or 3) Rep. Rogers and the other cosponsors understand, but don't care about its privacy implications. Each of these conclusions is downright scary!

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 25 Apr 2012 @ 3:07pm

      Re:

      Part of the problem is that so many of these bills are drafted directly by the lobbyists, and it's their legal staff that gives the advice.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2012 @ 6:13pm

    No.

    CISPA in any form is unacceptable. Amendments are not acceptable because the basic bill itself is not acceptable. This is a solution in search of a problem, therefore the need for it to exist is null.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.