Now Is The Time To Improve CISPA Before Friday's Vote By Pushing These Critical Amendments

from the last-minute-push dept

Update: The White House has now officially threatened to veto CISPA.

In Congress, this week is CISPA week. With the bill going up for debate tomorrow, and the final vote scheduled for Friday, it's clear that the voice of the internet community has had an impact. The reps have been proposing their final amendments, and all are clear attempts to address some of the biggest criticisms from civil liberties groups and the public. CISPA has strong bi-partisan support and a very good chance of passing—and unfortunately, it's still a highly problematic bill. But, while the proposed amendments cannot perfect it, some of them could certainly reduce its potential for abuse in significant ways. If you're looking for a practical way to fight back against the serious privacy violation that CISPA represents in these final days before its potential passage, encouraging your representative to support these amendments is a good place to start.

There are two in particular that, though simple, would make drastic improvements on CISPA by refocusing it on network security and minimizing the chance of shared data being used to go after individuals. An amendment from Rep. Barton (pdf and embedded below) would insert the sensible requirement that shared data will only include personal information (further defined to include the content of any communications and even IP addresses) if it is necessary to combat a specific cyber attack. Another, even better amendment from Rep. Akin (pdf and embedded below) goes a step further and would bring CISPA back in line with the fourth amendment by barring the sharing of any personally identifiable information without a warrant. Of course, it's annoying that such an amendment is necessary—but the whole point of CISPA is to route around well-established requirements like going to a judge before violating someone's privacy. Though the bill still creates all sorts of potential privacy problems, the Akin amendment fixes a big one.

Rep. Thompson has also proposed an amendment (embedded below) that is supposed to address privacy concerns, and TPM reports that it is being backed by Ron Paul, who got attention earlier this week with a strong condemnation of CISPA. However, the Thompson amendment seems to lack teeth: it has a lot of talk about "minimizing" the impact on privacy and making "reasonable efforts" to remove personal information, and graciously offers to consult with "civil liberties stakeholders" (wouldn't that be everybody?), but it sets down no firm requirements or limitations. Despite being a fraction of the length, both the Akin and Barton amendments would do far more to fix CISPA, because they clearly prohibit certain activities.

Thompson's other proposed amendment (embedded below), however, is very good: it would limit the government recipients of the data from the overly broad "Federal Government" in the current bill to just Homeland Security and other civilian agencies. This addresses the significant fear that the NSA could use CISPA to expand their already-aggressive data collection programs. While civilian agencies and the DHS especially are hardly perfect, this would still be a lot better than handing data collected under CISPA over to the intelligence community.

There are other amendments on the table too, but these are some of the ones that get directly to the core privacy issues that make CISPA so dangerous. The CDT has a post taking a look at others. Ultimately the best solution would be to toss the bill out and start again, drafting sensible cybersecurity legislation that is evidence-based (starting with an evaluation of whether or not its even needed), and since Friday's vote is still not guaranteed there's no reason to stop speaking out against CISPA as a whole. But it's also a good idea to ensure that the bill is as good as it can possibly be when it goes up for vote, by pressuring Congress to adopt these critical amendments.









Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 10:42am

    I'm looking at Bartons and...

    I can't conceive of why financial account passwords would be needed to thwart a cyber-security threat?
    I can see forwarding transaction history, or working with a financial provider to freeze an account - but I can't see where it would be appropriate for law enforcement to access an account directly.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 10:46am

    Re: I'm looking at Bartons and...

    Barton's also left a huge loophole at the end:

    Any other similar personal content that the Director of National Intelligence determines is appropriate to be considered personal information.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    :Lobo Santo (profile), Apr 25th, 2012 @ 10:48am

    Re: Re: I'm looking at Bartons and...

    You see, if there's too much money in the suspects account, they can remove some electronically prior to arrest and trial...

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Rich Kulawiec, Apr 25th, 2012 @ 10:48am

    CISPA isn't fixable

    No amendment or collection of amendments can fix this, any more than any set of modifications could turn a 1974 Ford Pinto into a Formula 1 race car. The problem is that the entire philosophy behind the bill is wrong. (Okay, that's not the only problem, but it's the fundamental one.)

    And the philosophy is wrong because the authors didn't bother to talk to any of us who've actually been doing this stuff for a long time. They didn't bother to learn. They didn't both to hear about things that work and things that we're pretty sure are never going to work. They didn't talk to Ranum and Bellovin and Spafford and Cheswick and Schneier and Felten and Halderman and Weinstein and Neumann and Edelman and Crocker and Lewis and Forno and and and...

    If they had, and if they'd listened, then maybe they'd realize that the entire approach they've taken is not only ill-advised and fraught with extremely serious privacy issues, but its most likely outcome is to make things much worse.

    But as it stands, they're meddling in things that they don't understand, at the behest of the OMG!OMG!CYBERWAR cheerleaders and with the backing of all the ersatz security companies ready to sell horribly overpriced snake-oil. This won't end well.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 10:51am

    Thompson's

    I had to laugh when I read Thompson's that says that DHS should be in charge of making sure that the privacy impact is minimized.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 11:06am

    Why fix it at all. Lets stop it dead and leave it in a gutter somewhere.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    gorehound (profile), Apr 25th, 2012 @ 11:15am

    Re: CISPA isn't fixable

    +1
    In other words these people do not really care and they are putting on a little show to gain some public favor.
    I will Vote against anyone who supports this Bill and says YES to it.
    CISPA & their other pitiful attempts wit the Internet which are coming after this one are all written by those who have very little Technical Knowledge at all.
    But they will give out jobs to those who Lobbied them with the Big Bucks and the 99.9999999999999% of the rest of us will not be one bit happy at all at the Results.Things will be worse not better.
    DUH !

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 11:16am

    "Fixing"

    They will not fix anything. We are talking about Congress here. Silicon Valley is ignoring the people on this one. You can't fix it. You can only kill it. The people have to speak out or else they will "fix" it, and the bill will still act as it is designed too.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 11:25am

    Reading politico I get a strong feeling that the House's Friday vote on this has little to do with cyber security, and more to do with attempting to make Obama and senate democrats look bad by daring them not to pass a bill designed to defend America against something. That way if there's a cyber attack between now and election day house republicans and Romney can blame Obama & democrats for not taking cyber security seriously enough.

    And this my friends is the worst way to write legislation. remember the PATRIOT act, rushed through to defend us from evil terrorists who caused 9/11 by a 99 to 1 vote in the senate? Yeah, turned out to not be such a good idea to lots of people once they learned about it's violations of American's privacy.

    And then there was the Wall Street bailout, passed a few months before the 2008 election, with strong bipartisan support, including both presidential candidates. Because we HAD to do something, and giving hundreds of billions of dollars to the very people who caused the big economic mess seemed like the best idea that both parties could agree to. Yet studies showed spending that kind of money on ANYTHING would have had mostly the same effect at helping the economy.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    ltlw0lf (profile), Apr 25th, 2012 @ 11:28am

    Re: Re: Re: I'm looking at Bartons and...

    You see, if there's too much money in the suspects account, they can remove some electronically prior to arrest and trial...

    Law enforcement is expensive, as is the court system. They are just recouping their costs ahead of time. Its cheaper than arresting them, holding them and their accounts hostages, then having both disappear into the system never to be heard from again. Just wait until they codify capital punishment for companies and people they don't like and things will get much easier for them.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 11:54am

    Re: CISPA isn't fixable FTFY

    This won't end well for the non snake-oil salesmen.

     

    reply to this | link to this | view in thread ]

  12. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 12:08pm

    LOL! Mike has B-teamer Leigh trying to rally the troops. If Mike really thought Techdirt could sway anything here, he'd be leading the charge himself so as not to miss out in the glory. Instead, he's got some idiotic Canadian leading the charge for against U.S. legislation. Worry about your own stupid fucking country, Leigh. You guys are such fucking huge jokes.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 12:16pm

    "Now Is The Time To Improve CISPA Before Friday's Vote By Pushing These Critical Amendments"

    and why should this bill even pass?

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Traveller800 (profile), Apr 25th, 2012 @ 12:20pm

    Re:

    oh...so you're a troll AND a racist against canadians.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 12:33pm

    Re:

    Read the last paragraph of the article again:
    Ultimately the best solution would be to toss the bill out and start again, drafting sensible cybersecurity legislation that is evidence-based (starting with an evaluation of whether or not its even needed), and since Friday's vote is still not guaranteed there's no reason to stop speaking out against CISPA as a whole. But it's also a good idea to ensure that the bill is as good as it can possibly be when it goes up for vote, by pressuring Congress to adopt these critical amendments.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 1:49pm

    Apparently I don't understand the legislative process. When a bill is being drafted, isn't there a legal staff available to advise on the ecosystem in which the bill will operate? In CISPA's case, that means the Wiretap Act, the Electronic Communications Privacy Act, etc. I can only conclude that 1) no such advisory process exists, 2) the process was skipped, or 3) Rep. Rogers and the other cosponsors understand, but don't care about its privacy implications. Each of these conclusions is downright scary!

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    John Fenderson (profile), Apr 25th, 2012 @ 3:07pm

    Re:

    Part of the problem is that so many of these bills are drafted directly by the lobbyists, and it's their legal staff that gives the advice.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Mason Wheeler, Apr 25th, 2012 @ 4:57pm

    Re: Re:

    I was unaware that "Canadian" was a race...

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 6:13pm

    No.

    CISPA in any form is unacceptable. Amendments are not acceptable because the basic bill itself is not acceptable. This is a solution in search of a problem, therefore the need for it to exist is null.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Candid Centrist, Apr 25th, 2012 @ 6:26pm

    Re: Anonymous Coward, Apr 25th, 2012 @ 11:25am

    You have it all backwards. Obama knows that Congress will veto his veto, just as they did with NDAA 2012. He's just trying to win the minds of voters by "opposing" this heinous Bill.

    We'll never know if he's a fan if it, but considering he updated NDRP and H.R. 347 all on his own, I think he's a fan of anything of the statist agenda.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Apr 25th, 2012 @ 7:26pm

    Re:

    Hey, Warner Music is being led by a Canadian and the RIAA has been championing legislation for how long now?

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This