Latest CISPA 'Privacy' Amendment Is More Of The Same: Minor Changes Dressed Up As Real Solutions

from the same-old-thing-with-a-new-coat-of-paint dept

Update: It has become a little unclear what the status of this amendment is now. Yesterday we heard that it had passed, but now it seems to have been changed, and it's back up for debate on the floor. We'll get you more updates on whether or not it goes through, and the latest changes, as soon as we can.

In the latest round of changes to CISPA, the House passed a new amendment that supposedly (according to CISPA supporters) addresses the privacy and civil liberty concerns about the bill. The amendment (pdf and embedded below) ostensibly establishes civilian agency control (through Homeland Security) over information shared under CISPA, since many people are reasonably worried about all this data ending up in the hands of the NSA. Unfortunately, as the EFF determined in their initial analysis, it doesn't really change anything—it just lets the DHS go along for the ride:

The amendment in question does not strike or amend the part of CISPA that actually deals with data flowing from companies to other entitities, including the federal government. The bill still says that: “Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes...share such cyber threat information with any other entity, including the Federal Government." The liability immunity provisions also remain.

While this amendment does change a few things about how that information is treated within the government, it does not amend the primary sharing section of the bill and thus would not prevent companies from sharing data directly with military intelligence agencies like the National Security Agency if they so choose.

Indeed, the text of the amendment appears to create a significant role for the DHS in information sharing procedures, but gives it little power in terms of actually protecting privacy or filtering information—the amendment mandates that information still be shared with other agencies in realtime, and it still appears to allow companies and organizations to bypass the DHS entirely.

A portion of the amendment outlines certain privacy guidelines, but they are the same as those we discussed before: filled with enough release valves and escape routes to render them virtually meaningless, closer to a list of "best practices" than actual rules. The fact is that, despite what the bill's supporters and some of the media reporting on it would have you believe, the core problems with CISPA have not been addressed, nor have any of the "efforts" in that direction amounted to much more than a smokescreen. With a final CISPA vote looming at any time, it's never been more important to voice your opposition to the bill.

Filed Under: cispa, cybersecurity, mike rogers

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Pixelation, 18 Apr 2013 @ 7:43am

    Our politicians are wonderful at putting lipstick on pigs.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.