This is not wholly surprising, but after some debate and some half-hearted attempts at pretending they care about the public's privacy rights, the House has passed CISPA, 288 votes against 127. The vote breakdown did not go fully along party lines, though it was clearly Republican driven. 196 Republicans voted for it, while just 29 voted against it (despite numerous conservative groups coming out against the bill). The Democrats split down the middle. 92 Dems voted for it and 98 against. If you compare this to last year, it looks like a lot more Democrats went from opposing to being in favor of trampling your privacy rights. Last year, 140 Dems voted against CISPA and only 42 for it. Either way, this seems like a pretty bi-partisan decision to shaft the American public on their privacy rights. That said, there is still the threat of a Presidential veto (though, with the vote today, the House is close to being able to override a veto). The bigger question is now the Senate, which couldn't agree on a cybersecurity bill last year, and has shown no signs of improvement this year. If you want to protect your privacy, it's time to focus on the Senate, and make sure they know not to pass a privacy-destroying bill like CISPA.

As was widely expected, Harry Reid tried to bring the problematic Cybersecurity Act back from the dead today. He needed 60 votes for cloture, which would have then allowed the bill to actually be debated upon (with various amendments considered as well). However, after a few short grandstanding speeches, the attempt at cloture failed, 51 votes to 47, well short of the 60 votes needed. Harry Reid then got up and lashed out at his colleagues, basically saying that he and other Cybersecurity supporters have been spreading so much FUD about how we're going to be attacked that he can't believe Senators didn't fall for it. Of course, one of the problems is that all of the fearmongering failed to actually identify the problems or threats other than to handwave about planes falling out of the sky and similar fanciful stories. Furthermore, it fails to acknowledge that rushing through a bill that has significant impacts on privacy of the public -- especially at a time when people are increasingly concerned about government snooping -- is a bad thing. Reid admitted that the cybersecurity bill in this Congress is likely "dead," though I'm sure something like it will be revived before too long. How about next time, rather than rushing it through and ignoring civil liberties, the government actually highlights the specific regulatory problems already in place, and why this bill is needed -- and does so while including civil liberties advocates in the discussions?

Despite the fact that his last attempt to shove a questionable Cybersecurity Act through Congress failed miserably, rumors are spreading that Harry Reid (perhaps at the urging of the White House) is going to try to use the lame duck session of Congress to try to get the flawed Cybersecurity Act through Congress once again. Given that those against the bill haven't seen any changes, it's hard to see a different result happening this time around, but you never know how last minute horse trading will fall out.

Reid is aiming to bring the Cybersecurity Act of 2012 to the floor at the end of next week after the Senate votes on Sen. Jon Tester's (D-Mont.) sportsmen's bill, according to Senate aides.

It appears that Reid's strategy is to try to make Republicans who voted against the bill "soft" on terrorism if they don't support the bill:

Last month Reid vowed to bring the cybersecurity bill to the floor in the lame-duck session, saying that Republicans "will have one more chance to back their words with action, and work with us to pass a bill."

This, of course, is silly. "Action" for the sake of action is dumb. Especially when it leads to passing a questionable bill that will have a negative impact on civil liberties and is targeting a problem that still has not been adequately laid out in any detail.

Over the last few days, it became clear that the big Cybersecurity Act in the Senate almost certainly didn't have the votes to pass. However, with all the negotiating and horse trading going on, there was still the possibility on some sort of "deal." Unfortunately, it seemed like the push for a deal also meant a push towards weakening the privacy protections. In the end, there was no deal, and no Cybersecurity Act this time around, as the vote in the Senate failed to reach the 60 vote threshold necessary for cloture (basically to continue moving the bill forward).

This certainly doesn't mean that any cybersecurity legislation is dead. There likely will be other attempts to get something through -- either something much less complex in this lame duck session, or (more likely) a bigger effort next year. The bill failed, in part, because some businesses were worried about it creating too many regulations for them. I still think it should have failed for failing to explain why it was actually needed. The good news, however, is that this latest version of the bill definitely took privacy concerns more seriously -- and the support for the Franken/Paul amendment would have made privacy safeguards even stronger. Hopefully this means that when the next attempt at cybersecurity comes through, that the baseline will include strong privacy safeguards. I'll have some more thoughts later on what Congress should do if it really wants to pass a cybersecurity bill, but for now, this version of the bill is dead.

We've been talking about the Senate debate over cybersecurity all week, and it appears that it's moving into the endgame process. Last night, Senate Majority Leader Harry Reid called for cloture -- basically the process to end the debate and move to a vote. In doing so, he also set it up such that he's basically blocking most amendments from being discussed. However, the important Franken/Paul amendment that increases privacy protections will be voted on. In fact, it will be the first amendment to be considered. Whether or not the overall bill passes (and there's some skepticism about whether the votes exist), it is important that the Franken/Paul amendment pass, and Congress get the message that protecting the public from government snooping is an issue the public cares about. Senate staffers have been saying that they've been getting calls on this issue, but more would certainly help.

The folks at Fight for the Future have set up the excellent Do you have a secret? site to highlight why government snooping is a serious problem. Similarly, the EFF has set up a useful site with an embedded Tweet tool (and, yes, tweeting about this also helps -- staffers are paying attention to this, though calling is always best).

The Franken/Paul amendment does have some support, including from Senator Chuck Schumer who made an impassioned speech last night for protecting our privacy rights within this bill, and how important such privacy protections were to the future of the internet. Either way, today and tomorrow are important days for letting your Senators know that stopping the government from snooping on your private info online is important to you, so speak up.

On Friday, we mentioned that this week is the week in which the Senate will wrangle over the new Cybersecurity bill. The current bill has some privacy safeguards, but not nearly enough. Senators Al Franken and Rand Paul have put together an amendment to strengthen the privacy safeguards even more -- and over the weekend, Senator Chuck Schumer agreed to co-sponsor the Franken/Paul amendment after talking to various folks in the tech industry and the civil liberties community. That adds more weight to the amendment. Unfortunately, Senators John McCain and Kay Bailey Huchison and a few others, who have been carrying water for the NSA throughout this fight, are looking to move the bill very far in the other direction, wiping out tons of privacy protections. It's really shameful.

Either way, this is the week to let your Senator know how you feel about all of this (and if you're a constituent of McCain or Huchison, please ask why they're so against protecting the privacy of the American public). The American Library Association has kindly set up a simple one-click tool to call your Senator and let them know how you feel.

The EFF has a page with some more info as well, noting that it's basically too late to email your Senators, so please call. If you want some more info, check out Fred Wilson's analysis of the situation, which matches almost exactly with mine. We still have not been given a compelling reason why any such legislation is needed. We keep hearing scare stories about mushroom clouds and planes falling from the sky if information can't be shared. But... what no one has done yet is explain which existing regulations block the necessary sharing of information. If they did that, we could look at fixing those laws. Instead, we're just told scare stories and given a massive 211-page bill that wipes out all sorts of previous laws, and adds all sorts of other things to the law. Given the length of the bill, it's quite likely there are some awful "easter eggs" in there that we'll only discover years down the road.

That said, if the bill is going to pass, it would be much better if it had very strong privacy protections in it, and the Franken/Paul amendment go a long way towards putting such protections in. The McCain/Huchison proposal do the opposite, and basically seek to take away privacy protections, while giving the NSA much more ability to access your data. Don't let the Senate trample your privacy rights. Go ahead and use the ALA's tool to contact your Senator today.

If you haven't been keeping up on all the politics of the cybersecurity bill fight over the past few weeks, a new bill was recently introduced that at least had some improvements concerning privacy (though it still had lots of problems). Yesterday, the Senate basically made it clear that they're done with debating the issue, and will bring the new bill to a vote next week. But now the real fight begins: the fight over the amendments on the bill. A whole bunch of amendments have already been proposed, with a second batch expected to be filed on Monday.

Senator McCain is leading the charge with a whole slew of amendments which are designed to delete basically every last bit of privacy protection that is in the bill. Among many, many other things, McCain's amendments would take away the limitation that any information sharing not go directly to the NSA. As we've noted in the past, a lot of this is a turf battle over whether NSA or Homeland Security gets control of the info, and McCain has been "Team NSA's" biggest cheerleader all along. Furthermore, he wants to remove the limitation that the information can only be used for cybersecurity reasons, making the use of the information much, much broader. There are also all sorts of efforts to take away government liability if information is abused. Basically, everything that's useful or good in protecting privacy? McCain and a few other Senators seem to want to take that away.

On the flip side, there are a few good amendments to increase privacy. Senators Al Franken and Rand Paul are pushing an amendment to strengthen the privacy protections. Senator Wyden is pushing an amendment that basically includes his GPS Act, which basically says law enforcement can't track GPS data without a warrant.

Either way, next week is going to be quite a big fight in the Senate, and the "marginally better" Cybersecurity Act may quickly turn into somethinghorribly destructive to your online privacy. If you care about your privacy, now (and all next week) would be a good time to call your Senator and tell them that any attempt to weaken privacy protections is unacceptable, and that they should get behind the proposals to strengthen privacy protections.

As we noted recently, Mexico's executive branch surprised a lot of people recently by having its ambassador to Japan sign ACTA (just as people were claiming that ACTA was dead in the country). Of course, this came after the Congress had very specifically called for the Mexican President to reject ACTA (long before other countries and the EU Parliament began realizing ACTA was a problem). As we noted, Mexico's IP Office has been telling people that it's sure that it can convince the Mexican Congress to come around to supporting ACTA.

That may be a tougher battle than they originally expected, however. Both houses of the legislature have now passed resolutions condemning the decision to sign ACTA, sometimes with rather pointed language. From the InfoJustice writeup linked here:

The Senate resolution, sponsored by Sens. Francisco Javier Castellon Fonseca, Carlos Sotelo Garcia, Maria Beatriz Zavala Peniche, and Dip. Rodrigo Perez-Alonso Gonzale rejects the signing because it didn’t respect Mexican law on the approval of international economic treaties; it ignored the official Senate recommendation of September 6, 2011; and it violated domestic law and human rights.  This resolution asks the President to take the steps necessary to revoke Mexico's signature from the agreement, and it asks the Ministry of Foreign Affairs to prepare a report on the reasoning behind the signing of the agreement.

The Chamber of Deputies resolution, sponsored by Dep. Jaime Aguilar Alvarez rejects ACTA and calls the executive's disregard of the legislature on this matter an “authoritarian and unilateral stance.”

It does not look like the Congress is going to be convinced to support the ratification of ACTA any time soon.

Wired has a troubling story of how the Senate Armed Services Committee is pushing a bill that would likely kill off an open source NoSQL project that came out of the NSA called Accumulo. Like many other such NoSQL efforts, the NSA basically took some Google white papers about its BigTable distributed database setup, and built its own open source version, with a few improvements... and then open sourced the whole thing and put it under the Apache Foundation. It's kind of rare to see such a secretive agency like the NSA open source anything, but it does seem like the kind of thing that ought to be encouraged.

Unfortunately, the Senate Armed Services Committee sees things very differently. As part of a 600-page bill that's being floated, it actually calls out Accumulo by name, and suggests that it violates a policy that says the government shouldn't build its own software when there are other competing commercial offerings on the market. The reasoning is basically that the government shouldn't spend resources reinventing the wheel if it can spend fewer resources using existing code. You can see the basic reasoning behind that, but applying it here makes little sense. As the article notes, here we're talking about software that's already been developed and released -- not a new effort to rebuild existing software. In fact, those who follow this stuff closely note that Accumulo did "break new ground" with some of its features when it was being built. To then kill it afterwards seems not just counterproductive, but could also create a chilling effect for government open source efforts, which seem like something we should be encouraging, not killing.

What's really odd is the close interest that the Senate seems to be paying to this. The discussion is very specific, naming Accumulo and some of the competing offerings on the market. They're specifically calling out this one product. Of course, as Julian Sanchez notes, there's a bit of irony in the fact that the very same Senate appears to have absolutely no interest in finding out how often the NSA spies on Americans... but sure is concerned about what database it uses to store all of the information it's getting.

Of course... all of this raises a separate issue in my mind: can the NSA even open source Accumulo? I though that creations of the federal government were automatically public domain, rather than under copyright. And, thus, putting it under a specific license might, in fact, present limitations that the government can't actually impose on the software.... Thus, shouldn't the software code actually be completely open as a public domain project? The government should be able set up an Apache-like setup, but one without any restrictions on the code.

Update: Just as we published this, news came in that this amendment was rebuffed, but the point remains: Congress keeps trying to sneak in little favors to Hollywood every chance it gets.

Congress continues to show that it learned absolutely nothing from the SOPA/PIPA mess earlier this year. While we've been focused on the problematic IPAA bill in the House, which would create a high level IP Enforcement "deputy assistant" within the Commerce Department, over in the Senate, Debbie Stabenow is looking to create another such role in the Treasury Department. We just mentioned an effort by the Senate Finance Committee to actually make the Special 301 report useful by having it go after internet censorship... but according to Politico's Morning Tech, Senator Stabenow has very quietly introduced an amendment to that effort, which would increase the role of the Treasury Department as Hollywood's private police force:

A tweak by Sen. Debbie Stabenow made available last night would add to the trade bill her own measure, the Protect American Innovation Act. Among other things, the amendment would establish the position of "director of Intellectual Property Rights Enforcement" at Treasury, while boosting the ability of Customs and ICE to find and seize infringing materials entering the country or to be exported.

Stabenow actually introduced this "Protect American Innovation Act" last year, in the midst of the fight over SOPA and PIPA, and very few people noticed, since all of the attention was on those two bills. But if you look at the details, it's just more of the same. It would increase the Treasury Department's role in intellectual property enforcement, first by establishing a "director of intellectual property rights enforcement" withing the Treasury. That position would be tasked with working closely with ICE -- and ICE would get its own new "coordinator of intellectual property enforcement." You remember ICE. Those are the folks famous for censoring websites based on no evidence, just the RIAA's say-so. Oh, and remember Dajaz1? That's one of those sites that ICE erroneously censored. One of that site's admins lives in Michigan -- Stabenow's home state. But, apparently, Stabenow would rather carry water for Hollywood than protect her own constituents from gross overreach by the US government.

Given how badly ICE screwed up that job, it's amazing that Stabenow wants to increase their authority. But that's what's happening. The bill defines "piracy" as "activities related to production of or trafficking in unauthorized copies or phonorecords of works protected under title 17, United States Code, or related laws." And we thought "piracy" was defined as "an act of criminal violence at sea." But, notice just how broad that text is there. Any production of "unauthorized copies" of works protected under the copyright act. Yeah, if you make a copy... the Treasury Department and ICE might be able to target you.

The bill also says that Treasury/ICE/Customs should get training in new technology for "detecting and identifying, at ports of entry... pirated goods." Given how broad this is, you could read this to mean that your phones, MP3 players and laptops may get scanned at the border for all of the music and movies you have. There was talk of such things in ACTA, but they were rejected when people spoke up -- and now they're back in a bill from Senator Debbie Stabenow who apparently slept through what happened in response to SOPA/PIPA and ACTA.

The bill also gives law enforcement within Treasury/ICE/Customs pretty broad powers, including issuing fines for importing "pirated" goods, and says that such fines "may not be mitigated" unless ordered by a court or "pursuant to regulations issued by the Commissioner." And such fines "may not be dismissed or vacated." In other words, if they catch you with pirated works, they may be required to issue fines. In fact, it says that the mitigation, dismissal or vacation of such fines can only happen for "extraordinary cases." Having a few unauthorized songs on your iPhone isn't extraordinary.

But wait... there's more. While the IPAA, as discussed, would increase US diplomatic efforts to push for IP enforcement abroad... and so would this bill, though in a different area. Rather than IP attaches, now ICE and Customs would be tasked with spreading Hollywood-style maximalism to other countries by increasing staffing to provide training and assistance to other countries in "detecting" such "pirated goods."

There are also a ton of small changes to copyright law, which would take quite a few hours to dig in and see what they actually do. As is typical of these kinds of bills, they don't tell you what the bill would actually now say -- they just say things like "strike from [phrase y] to [phrase x] and insert [random string of terms]." And, sometimes (including here), even these phrases then point you to other laws that you have to piece together as well. You have to sit down, pull up the original, figure out what's being taken out, what's being inserted and what it all means. There appear to be about a dozen such changes which we'll have to go through later, but it wouldn't surprise me to find more trouble in there.

For example, just a quick look at Section 143 of this bill might appear like a minor textual change. It says you have to add the following to a different bill (19 U.S.C. 1595a(c)(2)). What's that? Oh, it's the rules for the government forfeiting your property. And what's the text?

‘(G) it is a technology, product, service, device, component, or part thereof the importation of which is prohibited under section 1201(a)(2) of title 17, United States Code.’.

Okay piece that back into the bill above, and you see that what it's actually doing is increasing the types of things that can be forfeited by ICE and Customs. But how so? Well, you have to jump over to section 1201(a) of Title 17, which is the anti-circumvention provision of the DMCA.

When you sit back and parse it all together, you realize that they're now allowing ICE/Customs to forfeit any circumvention device. Considering how many "circumvention devices" you already own without realizing it, you should be concerned.

Either way, I'm sure there's more in there, but this is just a quick read, because, again, this effort was announced yesterday for markup today. And, yes, while Stabenow released this bill last year, it got little attention because no one thought it was going anywhere. To suddenly jump the line and try to attach it to a separate, important bill, shows the same sort of attempt to sneak through laws for Hollywood without public scrutiny.