Now Is The Time To Improve CISPA Before Friday's Vote By Pushing These Critical Amendments
from the last-minute-push dept
Update: The White House has now officially threatened to veto CISPA.
In Congress, this week is CISPA week. With the bill going up for debate tomorrow, and the final vote scheduled for Friday, it’s clear that the voice of the internet community has had an impact. The reps have been proposing their final amendments, and all are clear attempts to address some of the biggest criticisms from civil liberties groups and the public. CISPA has strong bi-partisan support and a very good chance of passing—and unfortunately, it’s still a highly problematic bill. But, while the proposed amendments cannot perfect it, some of them could certainly reduce its potential for abuse in significant ways. If you’re looking for a practical way to fight back against the serious privacy violation that CISPA represents in these final days before its potential passage, encouraging your representative to support these amendments is a good place to start.
There are two in particular that, though simple, would make drastic improvements on CISPA by refocusing it on network security and minimizing the chance of shared data being used to go after individuals. An amendment from Rep. Barton (pdf and embedded below) would insert the sensible requirement that shared data will only include personal information (further defined to include the content of any communications and even IP addresses) if it is necessary to combat a specific cyber attack. Another, even better amendment from Rep. Akin (pdf and embedded below) goes a step further and would bring CISPA back in line with the fourth amendment by barring the sharing of any personally identifiable information without a warrant. Of course, it’s annoying that such an amendment is necessary—but the whole point of CISPA is to route around well-established requirements like going to a judge before violating someone’s privacy. Though the bill still creates all sorts of potential privacy problems, the Akin amendment fixes a big one.
Rep. Thompson has also proposed an amendment (embedded below) that is supposed to address privacy concerns, and TPM reports that it is being backed by Ron Paul, who got attention earlier this week with a strong condemnation of CISPA. However, the Thompson amendment seems to lack teeth: it has a lot of talk about “minimizing” the impact on privacy and making “reasonable efforts” to remove personal information, and graciously offers to consult with “civil liberties stakeholders” (wouldn’t that be everybody?), but it sets down no firm requirements or limitations. Despite being a fraction of the length, both the Akin and Barton amendments would do far more to fix CISPA, because they clearly prohibit certain activities.
Thompson’s other proposed amendment (embedded below), however, is very good: it would limit the government recipients of the data from the overly broad “Federal Government” in the current bill to just Homeland Security and other civilian agencies. This addresses the significant fear that the NSA could use CISPA to expand their already-aggressive data collection programs. While civilian agencies and the DHS especially are hardly perfect, this would still be a lot better than handing data collected under CISPA over to the intelligence community.
There are other amendments on the table too, but these are some of the ones that get directly to the core privacy issues that make CISPA so dangerous. The CDT has a post taking a look at others. Ultimately the best solution would be to toss the bill out and start again, drafting sensible cybersecurity legislation that is evidence-based (starting with an evaluation of whether or not its even needed), and since Friday’s vote is still not guaranteed there’s no reason to stop speaking out against CISPA as a whole. But it’s also a good idea to ensure that the bill is as good as it can possibly be when it goes up for vote, by pressuring Congress to adopt these critical amendments.
Filed Under: cispa, congress, dhs, fourth amendment, nsa
Comments on “Now Is The Time To Improve CISPA Before Friday's Vote By Pushing These Critical Amendments”
I'm looking at Bartons and...
I can’t conceive of why financial account passwords would be needed to thwart a cyber-security threat?
I can see forwarding transaction history, or working with a financial provider to freeze an account – but I can’t see where it would be appropriate for law enforcement to access an account directly.
I'm looking at Bartons and...
Barton’s also left a huge loophole at the end:
Any other similar personal content that the Director of National Intelligence determines is appropriate to be considered personal information.
I'm looking at Bartons and...
You see, if there’s too much money in the suspects account, they can remove some electronically prior to arrest and trial…
CISPA isn't fixable
No amendment or collection of amendments can fix this, any more than any set of modifications could turn a 1974 Ford Pinto into a Formula 1 race car. The problem is that the entire philosophy behind the bill is wrong. (Okay, that’s not the only problem, but it’s the fundamental one.)
And the philosophy is wrong because the authors didn’t bother to talk to any of us who’ve actually been doing this stuff for a long time. They didn’t bother to learn. They didn’t both to hear about things that work and things that we’re pretty sure are never going to work. They didn’t talk to Ranum and Bellovin and Spafford and Cheswick and Schneier and Felten and Halderman and Weinstein and Neumann and Edelman and Crocker and Lewis and Forno and and and…
If they had, and if they’d listened, then maybe they’d realize that the entire approach they’ve taken is not only ill-advised and fraught with extremely serious privacy issues, but its most likely outcome is to make things much worse.
But as it stands, they’re meddling in things that they don’t understand, at the behest of the OMG!OMG!CYBERWAR cheerleaders and with the backing of all the ersatz security companies ready to sell horribly overpriced snake-oil. This won’t end well.
Thompson's
I had to laugh when I read Thompson’s that says that DHS should be in charge of making sure that the privacy impact is minimized.
Why fix it at all. Lets stop it dead and leave it in a gutter somewhere.
CISPA isn't fixable
+1
In other words these people do not really care and they are putting on a little show to gain some public favor.
I will Vote against anyone who supports this Bill and says YES to it.
CISPA & their other pitiful attempts wit the Internet which are coming after this one are all written by those who have very little Technical Knowledge at all.
But they will give out jobs to those who Lobbied them with the Big Bucks and the 99.9999999999999% of the rest of us will not be one bit happy at all at the Results.Things will be worse not better.
DUH !
"Fixing"
They will not fix anything. We are talking about Congress here. Silicon Valley is ignoring the people on this one. You can’t fix it. You can only kill it. The people have to speak out or else they will “fix” it, and the bill will still act as it is designed too.
Reading politico I get a strong feeling that the House’s Friday vote on this has little to do with cyber security, and more to do with attempting to make Obama and senate democrats look bad by daring them not to pass a bill designed to defend America against something. That way if there’s a cyber attack between now and election day house republicans and Romney can blame Obama & democrats for not taking cyber security seriously enough.
And this my friends is the worst way to write legislation. remember the PATRIOT act, rushed through to defend us from evil terrorists who caused 9/11 by a 99 to 1 vote in the senate? Yeah, turned out to not be such a good idea to lots of people once they learned about it’s violations of American’s privacy.
And then there was the Wall Street bailout, passed a few months before the 2008 election, with strong bipartisan support, including both presidential candidates. Because we HAD to do something, and giving hundreds of billions of dollars to the very people who caused the big economic mess seemed like the best idea that both parties could agree to. Yet studies showed spending that kind of money on ANYTHING would have had mostly the same effect at helping the economy.
I'm looking at Bartons and...
You see, if there’s too much money in the suspects account, they can remove some electronically prior to arrest and trial…
Law enforcement is expensive, as is the court system. They are just recouping their costs ahead of time. Its cheaper than arresting them, holding them and their accounts hostages, then having both disappear into the system never to be heard from again. Just wait until they codify capital punishment for companies and people they don’t like and things will get much easier for them.
CISPA isn't fixable FTFY
This won’t end well for the non snake-oil salesmen.
LOL! Mike has B-teamer Leigh trying to rally the troops. If Mike really thought Techdirt could sway anything here, he’d be leading the charge himself so as not to miss out in the glory. Instead, he’s got some idiotic Canadian leading the charge for against U.S. legislation. Worry about your own stupid fucking country, Leigh. You guys are such fucking huge jokes.
“Now Is The Time To Improve CISPA Before Friday’s Vote By Pushing These Critical Amendments”
and why should this bill even pass?
Re:
oh…so you’re a troll AND a racist against canadians.
Re:
Read the last paragraph of the article again:
Ultimately the best solution would be to toss the bill out and start again, drafting sensible cybersecurity legislation that is evidence-based (starting with an evaluation of whether or not its even needed), and since Friday’s vote is still not guaranteed there’s no reason to stop speaking out against CISPA as a whole. But it’s also a good idea to ensure that the bill is as good as it can possibly be when it goes up for vote, by pressuring Congress to adopt these critical amendments.
Apparently I don’t understand the legislative process. When a bill is being drafted, isn’t there a legal staff available to advise on the ecosystem in which the bill will operate? In CISPA’s case, that means the Wiretap Act, the Electronic Communications Privacy Act, etc. I can only conclude that 1) no such advisory process exists, 2) the process was skipped, or 3) Rep. Rogers and the other cosponsors understand, but don’t care about its privacy implications. Each of these conclusions is downright scary!
Re:
Part of the problem is that so many of these bills are drafted directly by the lobbyists, and it’s their legal staff that gives the advice.
Re:
I was unaware that “Canadian” was a race…
No.
CISPA in any form is unacceptable. Amendments are not acceptable because the basic bill itself is not acceptable. This is a solution in search of a problem, therefore the need for it to exist is null.
Anonymous Coward, Apr 25th, 2012 @ 11:25am
You have it all backwards. Obama knows that Congress will veto his veto, just as they did with NDAA 2012. He’s just trying to win the minds of voters by “opposing” this heinous Bill.
We’ll never know if he’s a fan if it, but considering he updated NDRP and H.R. 347 all on his own, I think he’s a fan of anything of the statist agenda.
Re:
Hey, Warner Music is being led by a Canadian and the RIAA has been championing legislation for how long now?