Skip to main content

So CISPA was a big topic this week and according to the ACLU, CISPA is dead.... for now:

The controversial cybersecurity bill known as the Cyber Information Sharing and Protection Act, which passed the House of Representatives last week, will almost certainly be shelved by the Senate, according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation.

The bill would have allowed the federal government to share classified "cyber threat" information with companies, but it also provided provisions that would have allowed companies to share information about specific users with the government. Privacy advocates also worried that the National Security Administration would have gotten involved.

"We're not taking [CISPA] up," the committee representative says. "Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills."

Sen. Jay Rockefeller, D-W.V., chairman of the committee, said the passage of CISPA was "important," but said the bill's "privacy protections are insufficient."

That, coupled with the fact that President Barack Obama has threatened to veto the bill, has even CISPA's staunchest opponents, such as the American Civil Liberties Union, ready to bury CISPA and focus on future legislation.

"I think it's dead for now," says Michelle Richardson, legislative council with the ACLU. "CISPA is too controversial, it's too expansive, it's just not the same sort of program contemplated by the Senate last year. We're pleased to hear the Senate will probably pick up where it left off last year."

That's not to say Congress won't pass any cybersecurity legislation this year. Both Rockefeller and President Obama want to give American companies additional tools to fight back against cyberattacks from domestic and foreign hackers. - U.S. News, 4/25/13

Here's some more ugly details about CISPA:

The first step in understanding how cybersecurity works is to accept that your online data is already being scanned. Government, law enforcement, and private companies are all on the lookout for suspicious-looking Internet activity. Spammers, botnets, and malicious hacks into sites like Twitter fall into one broad category of cybercrime. Of even greater concern are attempts to attack “critical infrastructure” (such as power and water utilities, and communication networks), or civilians.

CISPA would let private companies share data with law enforcement officials and government agencies if the data qualifies as what the bill calls “cyber threat information” that could help solve a crime. That term’s vagueness is a big part of the privacy problem, says Jeramie Scott, national security fellow at the Electronic Privacy Information Center. “It uses terms like ‘vulnerability to a network’ and ‘threat to the integrity of a network’ in its definition that are left to the private sector to interpret,” Scott says.

CISPA’s vagueness gives private companies a lot of wiggle room to overshare information. “Say a social networking site suffers a denial-of-service attack,” Scott says. “The site could just offer the more relevant diagnostic details to the government, but it could also provide the personal information on all the profiles affected—including, for example, who you’re connected with, and profile bio details—as long as the social network deemed the information part of the ‘cyber threat information.’”

According to legislative counsel Michelle Richardson of the American Civil Liberties Union, every stupid spam you receive from Nigeria could make your data fair game for further investigation. “These are everyday occurrences that are cybersecurity events under the bill,” says Richardson. Rainey Reitman, activism director at the Electronic Frontier Foundation, says that a service could share any data that it deemed “cyber threat information” and could do so “without legal process, so long as it was in ‘good faith’ and for a ‘cybersecurity purpose.’”

The ACLU’s Richardson adds that under CISPA, the data sharing will be smooth—really smooth. Instead of going through a process in which the government specifically requests information, “they are talking about some sort of process that is automatically going to forward stuff to the government,” says Richardson.

If data is going to be routed automatically, when and how PII gets stripped from the data becomes a bigger issue. Unfortunately, no one is talking about making user identities completely anonymous. No, the people behind CISPA are satisfied with mere “minimization”—making a reasonable effort to remove PII. Here’s where the definition of “cyber threat information” once again comes into play, says EPIC’s Scott: “CISPA does not require [a private company] to remove or otherwise narrow the information provided to the government as long as it falls under the broad umbrella of cyber threat information.”

 Though it would seem to make sense for the providing company to strip PII from the data they share, under CISPA that task falls to the government. David LeDuc is senior director of public policy for the Software & Information Industry Association, a major trade group representing software developers and digital content businesses, which supports CISPA. LeDuc downplays the importance of PII in cybersecurity, saying that it isn’t what interests professionals engaged in fighting cybercrime. “Security experts look for trends,” he says, “the prevalence of certain behaviors, and propagation patterns for malware—not at personal information.”

LeDuc also points out that CISPA was amended from making government-based minimization optional to making it mandatory. “The federal government must minimize information it receives from the private sector to take out information about specific persons not necessary to respond to a cyber threat,” he says.

However, this amendment doesn’t address the question of what happens to data shared between private companies. Because only the government has the job of minimizing PII under CISPA, private companies may share relatively PII-rich data among themselves without making any effort toward minimization. In speaking before the House vote on CISPA, Representative Adam Schiff (D-California) made clear his disapproval. “Private entities can share information with each other without ever going through the government,” he said. “In those circumstances, how can the government minimize what it never possesses? So government-side minimization alone, which is all this bill includes, is not enough.”

Congressman Schiff had introduced an amendment to address this loophole, but he complains that CISPA’s sponsors never brought it before the House for a vote. - PC World, 4/24/13

We may have won this battle but we will need to get ready for the next battle:

CISPA's authors, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), adopted several amendments to assuage privacy and civil liberty concerns. Advocacy groups say the bill's description of which data can be shared with the government is too broad and fails to keep Internet users' data from spy agencies.

But the White House said earlier this month the amendments to CISPA did not go far enough and threatened to veto the bill.

Rogers and Ruppersberger, however, remain hopeful that the Senate will pass legislation with information-sharing measures similar to CISPA, a staffer for the House Intelligence Committee said.

The developments are similar to last year's when the House passed CISPA despite a White House veto threat, and the Senate never took up the bill. Instead, senators focused on legislation that set computer security standards for companies operating critical infrastructure like power plants. The Senate then failed to pass a cyber bill after Republicans blocked the legislation, citing costly new regulations for companies.

Since then, national concerns about cybersecurity have only intensified following several high-profile attacks linked to China and members of the hacking group Anonymous.

Many experts have warned that Congress needs to pass a cybersecurity bill because the nation's most vital computer systems are increasingly vulnerable to cyber attacks that could lead to economic loss, sustained blackouts or mass casualties. Top intelligence officials now say hackers pose a greater national security threat than terrorists. - Huffington Post, 4/25/13

But there's a catch here and you're not going to like it:

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

"The Justice Department is helping private companies evade federal wiretap laws," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. "Alarm bells should be going off."

Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as "2511 letters," a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books.

The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a "necessary incident" to providing the service or it takes place with a user's "lawful consent." An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department. - CNET, 4/24/13

So yeah, we still have this issue to address.  But Fight For The Future nails it on the role CISPA would've had in this:
CISPA is just legislative backup for what the U.S. government has been already doing secretly (and possibly illegally) -- violating our online privacy rights.
So yeah.  We are going to have to make cyber security and privacy big issues in our upcoming elections and hold politicians who support CISPA accountable.  Luckily Congressman Bruce Braley (D. IA-01), who is running for Senator Tom Harkin's (D. IA) seat, has been a loud vocal opponent of CISPA and has stated so on his website:

The US House has passed the Cyber Intelligence Sharing and Protection Act (CISPA). Now, it moves to the Senate.

Just like the Stop Online Privacy Act (SOPA) defeated last year, CISPA radically alters the law to allow government agencies to violate your privacy by sharing information with private companies and by allowing corporations to share information with the government.

CISPA is just another attempt to roll back online freedom. It opens the door to Internet censorship. -

As you can see in the video link in the top of my diary, Braley also spoke out and voted against SOPA after listening to his constituents' concerns.  Braley understands perfectly that we value our privacy and our rights to free information and freedom of expression.  That's why we need to get him elected to the Senate.  I believe Braley is the type of guy who will not only stand up for citizens privacy but also stand up to the President.  We need to make it clear that we want more guys like Braley in the Senate.  

Senator Harkin's been campaigning for Braley:

It's official. I'm backing Bruce Braley for US Senate.

Bruce is everything I wanted to see in a candidate for U.S. Senate, and I'm very proud to be backing him.

But with Tea Party champion Steve King inching closer to a campaign of his own, you know this is going to be a tough race -- and he can't do this alone.

Will you join me and contribute $4 now to tell Bruce Braley that you back him too?

When I announced in January that I wouldn't seek a sixth term in the Senate, I said there were two things I wanted to see from a Democrat running for this seat.

First, they needed to be a proud, pragmatic progressive with a track record of bringing together Democrats, Independents, and even some Republicans to win elections.

Second, I wanted to see someone who has a track record of working from principled positions to reach across the aisle and get things done.

It's clear to me that Bruce is the one Iowa Democrat who is exactly the kind of pragmatic progressive I was looking for.

And he needs our help now.

Click here to contribute $4 today, and join me in backing Bruce Braley!

If Steve King jumps into this race, the amount of national Tea Party money backing him will be massive. Bruce needs to be ready for that onslaught. Please contribute to his campaign now!

Thanks for all you do.


Harkin also believes that the Evangelical Tea Party base has scared away the more electable candidates:

"The religious right and the tea party people in Iowa have so cowed the moderates in the Republican Party that moderate Republicans are afraid to step forward," Harkin told Hotline On Call. "Because they know they'll get creamed in a primary."

Harkin, who spoke enthusiastically of Rep. Bruce Braley, D-Iowa, the de facto Democratic nominee, nonetheless said the Iowa GOP has plenty of strong potential candidates capable of beating Braley in November. But he doubts any of them would be acceptable to a party base that, in his view, favors ideological purity over electability.

"There's a lot of solid, moderate Republicans in Iowa that ... could get independents and even some Democrats to vote for them. But I don't see them running," Harkin said. "They might be able to win a general, but they just can't win a primary."

One of those candidates, Harkin said, is Lt. Gov. Kim Reynolds, who announced this week she won't run for Senate. Harkin, who said he has "always liked" Reynolds, said he was surprised -- and relieved -- at her decision.

"Quite frankly, I thought she might be their lone chance," Harkin said. "I was very surprised. ... She would have been a legitimate candidate." - National Journal, 4/26/13

And of course Tea Party Congressman Steve King (R. IA-4) still thinks he can win this race if he enters:

He’s looking at data and consulting with friends and political advisers, King said on C-SPAN’s Washington Journal April 25. In the end, running for the Senate has to feel right in his “head, gut and heart … in that order.”

Conventional wisdom is that if he runs, he will not face a primary challenge. If King doesn’t run, Iowa political observers foresee several candidates stepping forward.

Whoever runs, King said, will face an “uphill battle,” but not an insurmountable challenge.

“Barack Obama started his movement in Iowa and that does make a difference,” he said. “Organizing for America is now institutionalized.”

However, he pointed out that the costs associated with health care reform will hit in January 2014 and that is likely to renew talk of repealing ObamaCare.

“That could be a pivotal issue,” he said.

Also, he is encouraged by Republican success in states that lean more Democratic than Iowa. The election of GOP Sens. Ron Johnson in Wisconsin and Pat Toomey in Pennsylvania “makes it a plausible thing to have Steve King in Iowa.”

King said he’s “very close … within weeks” of making a decision.

“When that’s done, I’m either going to launch forward on a campaign that will be all out or turn around and go back to running a campaign for re-election,” King said. “I don’t know which, but I hope to be on the ballot in the fall of 2014.” - WCF Courier, 4/25/13

But of course, I leave you with this warning from Senator Harkin:

“I've never underestimated Steve King,” Harkin told The World-Herald. “He is a smart guy. He is a tough campaigner.” - Omaha World-Herald Bureau, 3/6/13
If you would like to get involved with Braley's campaign, you can do so here:

Originally posted to pdc on Sat Apr 27, 2013 at 08:00 AM PDT.

Also republished by The Democratic Wing of the Democratic Party.

Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags


More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site