CISPA is back. Take action and contact your representatives at this Electronic Frontier Foundation
action page. Support the
#StopCISPA and
#CISPABlackout hashtags on Twitter. Use the social media links at the top of this page to "like" and "tweet" this to spread the word.
Lawmakers Cite Boston Bombing, WikiLeaks "Hacking" as Reasons to Pass CISPA
But yesterday, when the House was debating the contentious bill, CISPA advocates didn’t seem to be paying attention to any of those issues. Rep. Mike McCaul, R-Texas, cited the Boston bombings while arguing for CISPA to be adopted. “In the case of Boston, they were real bombs,” McCaul said, adding that we also need to arm ourselves against “digital bombs. These bombs are on their way.” Similarly apocalyptic statements were made by Rep. Candice Miller, R-Mich., who made no mention of Boston, though argued that CISPA was needed to stop hackers in countries like Iran and North Korea from crippling American infrastructure and causing the destruction of American jobs. Rep. Dan Maffei, D-N.Y., even used the debate to take aim at WikiLeaks, bizarrely claiming CISPA was needed to stop the whistleblowing website from pursuing efforts to “hack into our nation’s power grid.”
In the aftermath of tragic events or amid heightened global tensions, it’s hardly unusual for lawmakers to make emotive appeals in pursuit of new national security powers. Public opinion in the aftermath of a distressing terror attack in particular can sway citizens in favor of handing the authorities more intrusive surveillance powers, as occurred in most Western democracies in the aftermath of 9/11 (the Patriot Act being just one example). In the case of CISPA, however, it is tenuous in the extreme to draw sweeping links between cyberattacks and pressure-cooker bombs tearing through a Boston street, or cyberattacks and WikiLeaks, or cyberattacks and whatever else is agitating U.S. lawmakers on a given day. Exploiting every perceived threat to counter a push for greater CISPA privacy protections is brazenly cynical—and, I’d argue, ultimately doomed to fail.
CISPA Passes House, Obama Veto Threat Likely Untrue Making Senate Key Battleground
Despite public statements to the contrary, there are considerable doubts if President Obama would veto this bill. Obama made similar promises regarding NDAA which he broke when he signed the bill and made it law. If anything his veto threat is likely a smoke screen to slow down activists and help the bill advance.
President Barack Obama signed the National Defense Authorization Act of 2013 on Wednesday, despite his own threat to veto it over prohibitions on closing the Guantanamo Bay prison camp.
Security Experts: CISPA Not Needed, Would Do More Harm than Good
In their letter to lawmakers, the group of Internet engineers, security experts and academics said that passing CISPA would be a major mistake.
“We appreciate your interest in making our networks more secure, but passing legislation that suffers from the problems above would be a grave mistake for privacy and civil liberties, and will not be a step forward in making us safer,” they wrote.
But most of the web giants like Google and Facebook which opposed SOPA are now supporting CISPA.
Why? Probably because SOPA would have held them responsible for their users’ actions, while CISPA won’t make the web giants responsible. In other words, they don’t have skin in the game this time around.
CISPA Moves To the House Floor, Still Deeply Flawed
Such a shift would be a sea change in cybersecurity policy and a threat to civil liberties.
[...]
Militarizing Cybersecurity and Putting It Behind the Intelligence Curtain. The federal government’s cybersecurity program for the private sector (other than defense contractors) has always been in civilian, not military hands. This is important because civilian control means more transparency and accountability. This builds trust, public acceptance and industry participation. Last year, the lead Senate cybersecurity bill (the “Lieberman bill”) would have clearly affirmed civilian control. The Administration endorsed the Senate bill as did the intelligence community. CISPA is the outlier on this issue: It declines to affirm civilian control and would thereby allow power and leadership to shift to the National Security Agency.
[...]
Military vs. Civilian Control. Instead of giving the lead to the Department of Homeland Security, a civilian agency charged with cybersecurity responsibilities for the private sector, CISPA marginalizes DHS. In fact, at mark-up the bill got worse on this issue. Under an amendment the Committee adopted, the Director of National Intelligence – not the Secretary of DHS – sets the information sharing rules for federal agencies throughout the government, and any civil liberties protections they might include. This affirms the shift of control of the cyber security program toward intelligence and military control, and away from the more transparent and accountable DHS.
[...]
Though the Intelligence Committee made improvements to CISPA, CDT opposes the legislation because it would shift control of the government’s cybersecurity program for private companies from civilian to military control, thus diminishing program transparency and accountability. The bill also fails to require companies to take reasonable steps to strip out irrelevant personally identifiable information before they share cyber threat information, pre-empts all law with uncertain results, and invites reckless and negligent cybersecurity decisions that could damage others’ networks.
Coalition Letter in Opposition to CISPA
April 15, 2013
Dear Representative:
Earlier this year, many of our organizations wrote to state our opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We write today to xpress our continued opposition to this bill following its markup by the House Permanent Select Committee on Intelligence (HPSCI). Although some amendments were adopted in markup to improve the bill’s privacy safeguards, these amendments were woefully inadequate to cure the civil liberties threats posed by this bill. In particular, we remain gravely concerned that despite the amendments, this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, including with military agencies.
CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command.
Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence ommunity, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and a requirement that companies make “reasonable efforts” to remove personal information that is unrelated to the cyber threat when sharing data with the government. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed earlier this year that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so.
We continue to oppose CISPA and encourage you to vote ‘no.’
Sincerely,
Access
Advocacy for Principled Action in Government
American Arab Anti-Discrimination Committee
American Association of Law Libraries
American Civil Liberties Union
American Library Association
Note that Pelosi says
"in its current form".
Nadler is good on a lot of issues. Notice how he hedges on CISPA by saying it "needs to be improved". So based on these statements by Democrats, the veto threat is almost certainly not a full opposition to CISPA, but more like NDAA, pressure to tweak it.