Tag Archive: CISPA

Apr 27 2013

CISPA IS Dead, For Now

CISPA Kitty photo blog_cispacat_zps96b502e5.jpgThe Senate will not vote on the Cyber Intelligence Sharing and Protection Act, CISPA, that was passed by the House last week.

Sen. Jay Rockefeller (D-W.V.), who is chairman of the Senate Commerce Committee, “believes that information sharing is a key component of cybersecurity legislation, but the Senate will not take up CISPA,” a committee staffer told HuffPost.

A staffer for the Senate Intelligence Committee said the committee also is working on an information-sharing bill and will not take up CISPA.

“We are currently drafting a bipartisan information sharing bill and will proceed as soon as we come to an agreement,” Sen. Dianne Feinstein (D-Calif.), chairwoman of the Senate Intelligence Committee, said in a statement Thursday.

CISPA Is ‘Dead for Now,’ Thanks to a Left-Right Coalition for Online Privacy

by John Nichols, The Nation

What brings the most seriously libertarian Republican in the US House, Michigan’s Justin Amash, together with Congressional Progressive Caucus co-chair Keith Ellison, D-Minnesota?

What unites long-time Ronald Reagan aide Dana Rohrabacher, R-California, with liberal firebrand Alan Grayson, D-Florida?

What gets steadily conservative former House Judiciary Committee chair James Sensenbrenner, R-Wisconsin, together with progressive former House Judiciary Committee chair John Conyers Jr., D-Michigan?

The Fourth Amendment to the Constitution, which has for 222 years promised that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

That’s an old commitment that members of Congress swear an oath to uphold. [..]

CISPA actually won 288 “yes” votes in the House, but the 127 “no” votes-coming from principled members on both sides of the aisle-sent a strong message to the more deliberative Senate. In combination with a grassroots campaign spearheaded by tech-savvy privacy activists and a threatened veto by President Obama, the bipartisan House opposition appears to have convinced Senate leaders have signaled that they plan to put the legislation on hold. The American Civil Liberties Union on Thursday suggestion that CISPA looks to be “dead for now.”

ACLU: CISPA Is Dead (For Now)

By Jason Koebler, US News

The Senate will not take up the controversial cybersecurity bill, is drafting separate legislation

“I think it’s dead for now,” says Michelle Richardson, legislative council with the ACLU. “CISPA is too controversial, it’s too expansive, it’s just not the same sort of program contemplated by the Senate last year. We’re pleased to hear the Senate will probably pick up where it left off last year.”

That’s not to say Congress won’t pass any cybersecurity legislation this year. Both Rockefeller and President Obama want to give American companies additional tools to fight back against cyberattacks from domestic and foreign hackers.

But cybersecurity legislation in the Senate, such as the Cybersecurity and American Cyber Competitiveness Act of 2013, has greater privacy protections than CISPA does. Richardson says that bill makes it clear that companies would have to “pull out sensitive data [about citizens]” before companies send it to the government and also puts the program under “unequivocal civilian control,” something CISPA author Rep. Mike Rogers, R-Mich., was unwilling to do.

Even if the Senate gets something done, Rogers and other CISPA supporters will likely have to compromise more than they’ve been willing to over the past year as Obama has made it clear he will veto legislation that doesn’t have more privacy protections.

CISPA Is Dead. Now Let’s Do a Cybersecurity Bill Right

by Julian Sanchez, Wired

Americans have grown so accustomed to hearing about the problem of “balancing privacy and security” that it sometimes feels as though the two are always and forever in conflict – that an initiative to improve security can’t possibly be very effective unless it’s invading privacy. Yet the conflict is often illusory: A cybersecurity law could easily be drafted that would accomplish all the goals of both tech companies and privacy groups without raising any serious civil liberties problems.

Few object to what technology companies and the government say they want to do in practice: pool data about the activity patterns of hacker-controlled “botnets,” or the digital signatures of new viruses and other malware. This information poses few risks to the privacy of ordinary users. Yet CISPA didn’t authorize only this kind of narrowly limited information sharing. Instead, it gave companies blanket immunity for feeding the government vaguely-defined “threat indicators” – anything from users’ online habits to the contents of private e-mails – creating a broad loophole in all federal and state privacy laws and even in private contracts and user agreements.

Given that recent experience has shown companies shielded by secrecy often err on the side of oversharing with the government, that loophole was a key concern. So why the gap between what the law permits and its supporters’ aims?

It’s a principle wonks call tech neutrality. Nobody wants to write a bill that refers too specifically to the information needed to protect current networks (like “Internet Protocol addresses” or “Netflow logs”) since technological evolution would render such language obsolete over time.

Apr 19 2013

Stop CISPA Moves to the Senate

Stop CISPA The controversial data sharing bill, Cyber Intelligence Sharing and Protection Act (CISPA) was passed by the House by a vote of 288 – 127, as 92 Democrats voted for the bill, while 29 Republicans voted against it. The bill passed without the privacy protections that civil liberties advocates felt were necessary, an objection that was echoed by the White House with a veto threat earlier this week. An attempt by the lead sponsors of the bill, Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), offered an amendment to mollify the objections but privacy advocates stated that it fell short of what was needed to safeguard an individual’s right to privacy.

Amendments that were proposed to protect Fourth Amendment rights were not even allowed debate by the rules committee:

Rep. Alan Grayson, a Florida Democrat, proposed a one-sentence amendment (PDF) that would have required the National Security Agency, the FBI, Homeland Security, and other agencies to secure a “warrant obtained in accordance with the Fourth Amendment” before searching a database for evidence of criminal wrongdoing.

Grayson complained this morning on Twitter that House Republicans “wouldn’t even allow debate on requiring a warrant before a search.” [..]

CISPA is controversial because it overrules all existing federal and state laws by saying “notwithstanding any other provision of law,” including privacy policies and wiretap laws, companies may share cybersecurity-related information “with any other entity, including the federal government.” It would not, however, require them to do so. [..]

Because Grayson’s amendment was not permitted, CISPA will allow the federal government to compile a database of information shared by private companies and search that information for possible violations of hundreds, if not thousands, of criminal laws. [..]

“The government could use this information to investigate gun shows” and football games because of the threat of serious bodily harm if accidents occurred, Polis said. “What do these things even have to do with cybersecurity?… From football to gun show organizing, you’re really far afield.”

At the heart of CISPA is warrantless searches a clear violation of the Fourth Amendment which reads:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

This has had a strange effect of uniting the left and right in the opposition to the bill. The Tea Party aligned group Freedom Works issued this statement:

CISPA would allow for more information sharing between the private sector and the federal government regarding cyber security. Although this year’s CISPA is a net improvement over last year’s bill, it still leaves open concerns about private information being shared in the name of national security.

There are grave Fourth Amendment concerns with CISPA. The bill would override existing privacy laws to allow companies to share “cyber threat information” with the federal government without making any reasonable effort to strip out any personal information from the file.

They even have a site to actively Stop CISPA along with the ACLU and the Electronic Freedom Foundation. Strange bedfellows, indeed.

Passage in the Senate without addition of privacy protections is doubtful but one never knows:

The discussion now shifts to the Democrat-controlled Senate, which appears unlikely to act on the legislation in the wake of a presidential veto threat earlier this week, and an executive order in January that may reduce the need for new legislation. Today’s House vote, on the other hand, could increase pressure on the Senate to enact some sort of legislation.

Sen. John Rockefeller, a West Virginia Democrat who was involved in last year’s cybersecurity debate, said after today’s vote that “CISPA’s privacy protections are insufficient.” Still, Rockefeller said, “I believe we can gain bipartisan agreement on bills that we can report out of our committees and allow [Majority Leader Harry Reid] to bring them to the Senate floor as early as possible.”

We urge everyone to keep the pressure on the Senate and the White House by calling and e-mailing your objections:

The White House switchboard is 202-456-1414.

The comments line is 202-456-1111.

The White House email address is here

Numbers for the Senate are here.

E-mail addresses for the Senate are here

Please be polite and on point.

The late internet activist Aaron Swartz called CISPA the “The Patriot Act of the Internet”.

Contact the White House and your Senators to protect your privacy rights.

Apr 17 2013

52 hours left to stop CISPA

Stop CISPATime to take action. As I reported last week the Cyber Intelligence Sharing and Protection Act(CISPA) was sent to the House for a vote.

From an e-mail that Joan McCarter at Daily Kos posted the e-mail from the White House issuing a veto threat of the bill as it currently stands:

The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 in an effort to incorporate the Administration’s important substantive concerns. However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill. The Administration seeks to build upon the continuing dialogue with the HPSCI and stands ready to work with members of Congress to incorporate our core priorities to produce cybersecurity information sharing legislation that addresses these critical issues.

H.R. 624 appropriately requires the Federal Government to protect privacy when handling cybersecurity information. Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government. The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable-and not granted immunity-for failing

to safeguard personal information adequately. [emphasis in original]

House Democrats are now rallying in opposition to the bill:

Four Democratic members say the Cyber Intelligence Sharing and Protection Act, or CISPA, as written “would undermine the interests of citizens and their privacy” despite the addition of five privacy-focused amendments adopted to the bill last week. They argue that the amendments do not go far enough to ease their concerns.

“Without further amendments to protect privacy and civil liberties, we cannot support the bill,” the House Democratic lawmakers write in the “Dear Colleague” letter.

“The bill has improved from earlier versions, but even with the amendments adopted, CISPA unacceptably and unnecessarily compromises the privacy interests of Americans online,” they add.

Reps. Adam Schiff (D-Calif.), Jan Schakowsky (D-Ill.), Anna Eshoo (D-Calif.) and Rush Holt (D-N.J.) signed the letter.

The House Rules Committee will meet on Tuesday afternoon to approve the rule for the bill, which will determine what amendments will be voted on in the House later this week. House members have until Tuesday morning to file their proposed amendments to the bill.

There are twelve Democratic co-sponsors to the bill. We need to send tell them to withdraw their support:

Ruppersberger, A. Dutch [D-MD2]

Costa, Jim [D-CA16]

Cuellar, Henry [D-TX28]

Enyart, William [D-IL12]

Gutierrez, Luis [D-IL4]

Hastings, Alcee [D-FL20]

Kilmer, Derek [D-WA6]

Lipinski, Daniel [D-IL3]

Peters, Scott [D-CA52]

Sewell, Terri [D-AL7]

Sinema, Kyrsten [D-AZ9]

Vargas, Juan [D-CA51]

The Electronic Freedom Foundation (EEF) is urging action:

The Cyber Intelligence Sharing and Protection Act (CISPA) is supposed to promote cybersecurity- a goal EFF wholeheartedly supports – but it doesn’t address common-sense network security issues. Instead, it creates a new, dangerous exception to existing privacy laws. That’s why hundreds of thousands of concerned Internet users have joined EFF and other civil liberties groups in opposing the bill. This is our last chance to stop it in the House.

Despite recent amendments, CISPA still features vague language that could put your personal information in the hands of military organizations like the National Security Agency.

Can you call your representative and tell him or her to oppose this bill?  We’ll give you the phone number for your representative and a very brief suggested script. Click here to call Congress now.

Not in the United States? Click here to sign our petition.

We want to generate thousands of calls between now and the vote-likely on Thursday.  Please call now and then tell your friends to speak out on this important issue. It’s as easy as posting this on your social networking accounts:

   Congress is about to vote on CISPA. If you care about online privacy, you’ve got to speak out now:  https://eff.org/r.5bPw

You can also use Twitter tool to tell key members of Congress to stand up for your privacy and vote NO on CISPA.

The White House switchboard is 202-456-1414.

The comments line is 202-456-1111.

Numbers for the Senate are here.

Numbers for the House are here.

The late internet activist Aaron Swartz called CISPA the “The Patriot Act of the Internet”.

Call the White House and your representatives to protect your privacy rights.

Apr 12 2013

Stop CISPA: Bill Headed For Vote

Stop CISPA Last month the controversial Cyber Intelligence Sharing and Protection Act (CISPA) was resurrected in the House by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.).

Following a closed-door meeting, the bill was voted out of the House Intelligence Committee Wednesday afternoon by a vote of 18-to-2 and privacy experts are up in arms over the lack of privacy protection that were stripped from the bill. Only two Democrats voted against the bi;;, Rep. Jan Schakowsky (D-IL) and  Rep. Adam Schiff (D-CA).

Stopping short of a veto threat, the White House said it was unlikely to support the bill

by Leigh Beadon, Techdirt

Here’s the full text of the statement from {Caitlin Hayden, a National Security Council spokeswoman):

“We continue to believe that information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections. The Administration seeks to build upon the productive dialogue with Chairman Rogers and Ranking Member Ruppersberger over the last several months, and the Administration looks forward to continuing to work with them to ensure that any cybersecurity legislation reflects these principles. Further,

we believe the adopted committee amendments reflect a good faith-effort to incorporate some of the Administration’s important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities

.”

Where have we heard this before? FISA? The Patriot Act?

CISPA Amendment Proves Everyone’s Fears Were Justified While Failing To Assuage Them

Just this week, Rep. Rogers flatly stated this is not a surveillance bill. Still, in an attempt to placate the opposition, they backed an amendment (pdf and embedded below) from Rep. Hines replacing that paragraph, which passed in the markup phase. Here’s the new text:

   PRIVACY AND CIVIL LIBERTIES.-

   (A) POLICIES AND PROCEDURES.-The Director of National Intelligence, in consultation with the Secretary of Homeland Security and the Attorney General, shall establish and periodically review policies and procedures governing the receipt, retention, use, and disclosure of non-publicly available cyber threat information shared with the Federal Government in accordance with paragraph (1). Such policies and procedures shall, consistent with the need to protect systems and networks from cyber threats and mitigate cyber threats in a timely manner-

   (i) minimize the impact on privacy and civil liberties;

   (ii) reasonably limit the receipt, retention, use, and disclosure of cyber threat information associated with specific persons that is not necessary to protect systems or networks from cyber threats or mitigate cyber threats in a timely manner;

   (iii) include requirements to safeguard non-publicly available cyber threat information that may be used to identify specific persons from unauthorized access or acquisition;

   (iv) protect the confidentiality of cyber threat information associated with specific persons to the greatest extent practicable; and

   (v) not delay or impede the flow of cyber threat information necessary to defend against or mitigate a cyber threat.

It seems to me they are hoping that by making the section longer and more complicated, people will miss the fact that very little has changed. But what’s truly astonishing is that this new text reads like a confession that CISPA does involve all the stuff that they’ve been insisting it has nothing to do with.

The big thing, of course, is that this oversight now involves civilian agencies, which is really the only meaningful change – and its impact has been rather minimized. Rather than putting the DHS or another agency in between the public and military agencies like the NSA, they’ve simply given them some input – and it’s hard to say how meaningful that input will be.

The Privacy Risks of CISPA

by Michelle Richardson, Legislative Counsel, ACLU Washington Legislative Office

Reports of significant data breaches make headlines ever more frequently, but lost in the cloak and dagger stories of cyberespionage is the impact proposed cybersecurity programs can have on privacy. The same Internet that terrorists, spies and criminals exploit for nefarious purposes is the same Internet we all use daily for intensely private but totally innocuous purposes.

Unfortunately, in their pursuit to protect America’s critical infrastructure and trade secrets, some lawmakers are pushing a dangerous bill that would threaten Americans’ privacy while immunizing companies from any liability should that cyberinformation-sharing cause harm. [..]

Here’s what needs to happen. First, CISPA needs to be amended to clarify that civilians are in charge of information collection for cybersecurity purposes, period. Anything short of that is a fundamental failure. Second, the bill needs to narrow the definition of what can be shared specifically to say that companies can only share information necessary to address cyberthreats after making reasonable efforts to strip personally identifiable information. Industry witnesses before the House Intelligence and Homeland Security committees testified this year that this is workable, and such information isn’t even necessary to combat cyberthreats. Third, after sharing, CISPA information should be used only by government and corporate actors for cybersecurity purposes. As a corollary to that, there should be strict and aggressive minimization procedures to protect any sensitive data that slips through.

The ACLU and the Electronic Freedom Foundation (EFF) have banded together to Stop CISPA. The petitions with over 100,000 signatures has been delivered to the White House. Now we need to get to the phones.

The White House switchboard is 202-456-1414.

The comments line is 202-456-1111.

Numbers for the Senate are here.

Numbers for the House are here.

The late internet activist Aaron Swartz called CISPA the “The Patriot Act of the Internet”. Call the White House and your representatives to protect your privacy rights.

Mar 31 2013

What We Now Know

As you know Chris Hayes will be hosting a new MSNBC show beginning April 1 at 8 PM EDT that he promises will be the same format as Up. Up’s new host Steve Carnacki takes over as the Saturday and Sunday host of the new “Up with Steve Carnacki” on April 13. This Sunday and next the best segments of the last two years will be aired.

Best of ‘Up w/ Chris Hayes’: SOPA and the future of the Internet

by Meredith Clark, Up with Chris Hayes

Before his January suicide, Aaron Swartz was a leader in the fight against the Stop Online Piracy Act, or SOPA.  The groups with which Swartz worked-Demand Progress, the Electronic Frontier Foundation, and many others-continue to fight for information transparency and reforms to the laws currently used to prosecute individuals for alleged crimes committed online.

Swartz’ death shifted debate from piracy and regulation to the Computer Fraud and Abuse Act and the government’s attitude towards what it deems cybercrime, and hackers continue to be arrested and prosecuted. On March 26, the Justice Department announced that it had arrested a Wisconsin man for his alleged involvement in a Dedicated Denial of Service attack on two websites owned by Koch Industries. This arrest comes only a week after another hacker, Andrew Auernheimer, was sentenced to more than three years in prison for exposing a security hole in AT&T’s iPad user database.

Cases like these and actions like those of Operation KnightSec, the group of hackers who leaked information about the Steubenville rape investigation are sure to become more common, which means that over the issues SOPA raised will surface again.

Debating Sopa: January 15, 2012

Chris leads a debate on the controversial Stop Online Piracy Act (SOPA) with NBC Universal Executive Vice President and General council Richard Cotton; Reddit co-founder Alexis Ohanian; former Rep. Joe Sestak (D-PA); and former lobbyist Jack Abramoff.

SOPA is gone but it’s ugly twin is back. Meet the “Patriot Act of the Internet“, the Cyber Intelligence Sharing and Protection Act (CISPA) which the House is expected to vote on in mid-April:

The House is expected to vote on a set of cybersecurity-focused bills in mid-April. One of those bills would include the Cyber Intelligence Sharing and Protection Act (CISPA) by Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.), which is aimed at removing the legal hurdles that prevent companies from sharing information about cyber threats with the government.

The bill boasts support from a broad swath of industry sectors – including the telecommunications, banking and tech industries – but has stoked criticism from privacy and civil liberties groups.

Privacy advocates charge that CISPA lacks sufficient privacy protections for people’s personal data and would increase the pool of Americans’ electronic communications that flow to the intelligence community, including the secretive National Security Agency.

The bill passed the House last spring but went untouched in the Senate, largely because it was working on its own comprehensive measure.

CISPA’s Problem Isn’t Bad PR, It’s Bad Privacy

by  Robyn Greene, Washington Legislative Office of the ACLU

Representative Mike Rogers (R-MI) made the argument last week that the privacy community’s significant concerns with CISPA, the privacy-busting cybersecurity bill, don’t stem from actual problems with the bill language, but rather from a misunderstanding of the bill itself. Speaking on behalf of himself and his co-sponsor, Representative Dutch Ruppersberger (D-MD), he told The Hill, “We feel that the bill clearly deals with privacy, that the checks and balances are there, but [we] know there’s still a perception and we’re still trying to deal with that.”  

The ACLU, along with a coalition of 41 privacy and civil liberties groups, are very concerned about the real-world impact that the authorities proposed in CISPA could have on Americans’ privacy and civil liberties. President Obama, along with top administration officials including Department of Homeland Security Secretary Janet Napolitano, have echoed many of our concerns. CISPA, in its current form (pdf):    

  • Creates an exception to all privacy laws to allow companies to share our personal information, including internet records and the content of emails, with the government and other companies, for cybersecurity purposes;
  • Permits our private information to be shared with any government agency, like the NSA or the Department of Defense ‘s Cyber Command;
  • Fails to require the protection of Americans’ personally identifiable information (PII), despite repeated statements by the private sector that it doesn’t want or need to share PII;
  • Once shared with the government, allows our information to be used for non-cybersecurity “national security” purposes – an overbroad “catch-all” phrase that can mean almost anything;
  • Immunizes companies from criminal or civil liability, even after an egregious breach of privacy;
  • Fails to implement adequate transparency and oversight mechanisms.

In a recent article in Wired, Chris Finan, former White House director for cybersecurity, urged Congress to fix CISPA by amending the bill so as to require companies to strip their customers’ PII before sharing it with the government; restrict information sharing to civilian agencies; restrict the further dissemination and use of information to cybersecurity purposes; place reasonable limits on companies’ liability protections; and establish a non-profit to act as an “independent ‘watchdog'”  over any information sharing program to enhance oversight and transparency.

It will would be great if Congress amended CISPA to address all of our privacy concerns, but it’s hard to hold out hope for sufficient changes so long as its chief sponsor thinks that it doesn’t have a privacy problem so much as a PR problem. Everyone, from the privacy community to the president, agrees that CISPA is bad on privacy – the problem isn’t our perception.

Violating Our Privacy Is Not An Option

Sign this petition and send Congress a message that our rights are not negotiable.

For Aaron and for us.

Feb 11 2013

CISPA Resurrected

Stop CISPAYou know that dress or shirt that’s been hanging in your closet for years, you know that hideous shade of fuscia that was a fashion must have for barely a season but you had to buy it, well, there are some bills in Congress that are just like that, the Cyber Intelligence Sharing and Protection Act (CISPA) is one of those bills. On Friday, while everyone was distracted by the blizzard in the Northeast, House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.)announced that they would reintroduce CISPA next week. Apparently alarmed by the recent hacks of government web sites and private banking information, this dynamic duo plan on reintroducing the same bill that the House passed last year that President Barack Obama’s advisors recommended he veto.

The bill, in the form it was presented in 2011,

would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S government investigate cyber threats and ensure the security of networks against cyberattack. [..]

CISPA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation, the American Civil Liberties Union, and Avaaz.org. Those groups argue CISPA contains too few limits on how and when the government may monitor a private individual’s Internet browsing information. Additionally, they fear that such new powers could be used to spy on the general public rather than to pursue malicious hackers. CISPA has garnered favor from corporations and lobbying groups such as Microsoft, Facebook and the United States Chamber of Commerce, which look on it as a simple and effective means of sharing important cyber threat information with the government.

Some critics saw CISPA as a second attempt at strengthening digital piracy laws after the anti-piracy Stop Online Piracy Act became deeply unpopular. Intellectual property theft was initially listed in the bill as a possible cause for sharing Web traffic information with the government, though it was removed in subsequent drafts

It is now clawing its way back to life. The ACLU is asking for our help to once again gear up to protect and preserve the right to freedom of the internet

Because of your activism last year, big and important changes were made to the Senate cyber bill, including significant privacy protections. Let’s do it again House-side. If the House wants smart cyber legislation that also protects privacy, it needs to ensure that the programs are civilian-led, minimize the sharing of sensitive personal information between government and corporations, and protect collected information from non-cyber uses.

So bone up on what CISPA does, see the many organizations from left to right who have opposed CISPA, compare it (pdf) to the far better legislation in the Senate, and read why even the Obama administration threatened to veto this bill last year. And get ready to fight for your right to online privacy once again.

This was what Internet Activist Aaron Swartz fought against when he called CISPA “The Patriot Act of the Internet”

Swartz told Russia Today that whereas SOPA was exclusively “about giving the government the power to censor the Internet,” CISPA has the same kind of censorship provisions but “is more like a Patriot Act for the Internet.”

“It sort of lets the government run roughshod over privacy protections and share personal data about you,” he explained, “take it from Facebook and Internet providers and use it without the normal privacy protections that are in the law. … It’s an incredibly broad and dangerous bill.”

“The thing about this bill is it doesn’t really have any protections against cyber threats,” Swartz added. “All it does is make people share their information. But that’s not going to solve the problem. What’s going to solve the problem is actual security measures, protecting the service in the first place, not spying on people after the fact.”

This bill needs to be stopped and quickly. The time to act is now, educate yourself, your family and friends to the danger this bill represents.

Violating Our Privacy Is Not An Option

Sign this petition and send Congress a message that our rights are not negotiable.

For Aaron and for us.

Apr 29 2012

Stop CISPA: What You Need to Know

CISPA, the cyber-security bill which threatens individual privacy rights on the internet, has passed the House, ignoring a possible veto, and will go to the Senate:

On a bipartisan vote of 248-168, the Republican-controlled House backed the Cyber Intelligence Sharing and Protection Act (Cispa), which would encourage companies and the federal government to share information collected on the internet to prevent electronic attacks from cybercriminals, foreign governments and terrorists.

“This is the last bastion of things we need to do to protect this country,” Republican Mike Rogers, chairman of the House intelligence committee, said after more than five hours of debate. [..]

The White House, along with a coalition of liberal and conservative groups and lawmakers, strongly opposed the measure, complaining that Americans’ privacy could be violated. They argued that companies could share an employee’s personal information with the government, data that could end up in the hands of officials from the National Security Agency or the defence department. They also challenged the bill’s liability waiver for private companies that disclose information, complaining it was too broad.

“Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity,” a coalition that included the American Civil Liberties Union and former conservative Republican representative Bob Barr, lawmakers said on Thursday.

CISPA Critics Warn Cybersecurity Bill Will Increase Domestic Surveillance and Violate Privacy Rights

As it heads toward a House vote, critics say the Cyber Intelligence Sharing and Protection Act (CISPA) would allow private internet companies like Google, Facebook and Microsoft to hand over troves of confidential customer records and communications to the National Security Agency, FBI and Department of Homeland Security, effectively legalizing a secret domestic surveillance program already run by the NSA. Backers say the measure is needed to help private firms crackdown on foreign entities – including the Chinese and Russian governments – committing online economic espionage. The bill has faced widespread opposition from online privacy advocates and even the Obama administration, which has threatened a veto. “CISPA … will create an exception to all existing privacy laws so that companies can share very sensitive and personal information directly with the government, including military agencies like the National Security Agency,” says Michelle Richardson, legislative counsel for the American Civil Liberties Union. “Once the government has it, they can repurpose it and use it for a number of things, including an undefined national security use.” [includes rush transcript]

Think Progress has a summery of what we need to know  about CISPA to fight to stop its passage:

  • CISPA’s broad language will likely give the government access to anyone’s personal information with few privacy protections: CISPA allows the government access to any “information pertaining directly to a vulnerability of, or threat to, a system or network of a government or private entity.” [..]
  • It supersedes all other provisions of the law protecting privacy: As the bill is currently written, CISPA would apply “notwithstanding any other provision of law.” [..]
  • The bill completely exempts itself from the Freedom of Information Act: Citizens and journalists have access to most things the government does via the Freedom of Information Act (FOIA), a key tool for increasing transparency.
  • [..]

  • CISPA gives companies blanket immunity from future lawsuits: One of the most egregious aspects of CISPA is that it gives blanket legal immunity to any company that shares its customers’ private information.
  • [..]

  • Recent revisions don’t go nearly far enough: In an attempt to specify how the government can use the information they collect, the House passed an amendment saying the data can only be used for: “1) cybersecurity; 2) investigation and prosecution of cybersecurity crimes; 3) protection of individuals from the danger of death or physical injury; 4) protection of minors from physical or psychological harm; and 5) protection of the national security of the United States.”
  • Citizens have to trust that companies like Facebook won’t share your personal information: CISPA does not force companies share private user information with the government. {..] Companies may not be legally required to turn over information, but they “may not be in a position to say no.”
  • Companies can already inform the government and each other about incoming cybersecurity threats: {..} opponents of the bill point out that “network administrators and security researchers at private firms have shared threat information with one another for decades.”
  • The internet is fighting back: The same online activists who fought hard against SOPA are now engaged in the battle over CISPA.
  • Most Republicans support CISPA, while most Democrats oppose it: Among congressmen that voted, 88 percent of Republicans supported the bill while 77 percent of Democrats opposed it.
  • President Obama threatened to veto it: Recognizing the threat to civil liberties that CISPA poses, President Obama announced this week that he “strongly opposes” the bill and has threatened to veto if it comes to his desk.
  • Join the Fight to Stop CISPA! Sign the petition:

    Save the Internet from the US

    Write your Senators

    Tell Congress: Keep My Inbox Away From the Government

    Apr 26 2012

    CISPA: Cybersecurity That Leaves Us All Unsecure

    Here we go again with the right to internet privacy and security for the individual being threatened by the government on behalf of corporations. On November 11 last year, the Cyber Intelligence Sharing and Protection Act was introduced in the House by U.S. Representative Michael Rogers (R-MI) and 111 co-sponsors. The bills supposed purpose would allow the voluntary sharing of attack and threat information between the U.S. government and security cleared technology and manufacturing companies to ensure the security of networks against patterns of attack.

    What does that mean, you ask? Well, as Rep. Ron Paul (R-TX) explains the bill would allow “both the federal government and private companies to view your private online communications without judicial oversight provided that they do so of course in the name of cyber-security.” Paul calls the CISPA the new SOPA:

    CISPA represents an alarming form of corporatism, as it further intertwines government with companies like Google and Facebook. It permits them to hand over your private communications to government officials without a warrant, circumventing well-established federal laws like the Wiretap Act and the Electronic Communications Privacy Act. It also grants them broad immunity from lawsuits for doing so, leaving you without recourse for invasions of privacy. Simply put, CISPA encourages some of our most successful internet companies to act as government spies, sowing distrust of social media and chilling communication in one segment of the world economy where America still leads.

    Proponents of CISPA may be well-intentioned, but they unquestionably are leading us toward a national security state rather than a free constitutional republic. Imagine having government-approved employees embedded at Facebook, complete with federal security clearances, serving as conduits for secret information about their American customers. If you believe in privacy and free markets, you should be deeply concerned about the proposed marriage of government intelligence gathering with private, profit-seeking companies. CISPA is Big Brother writ large, putting the resources of private industry to work for the nefarious purpose of spying on the American people. We can only hope the public responds to CISPA as it did to SOPA back in January. I urge you to learn more about the bill by reading a synopsis provided by the Electronic Frontier Foundation on their website at eff.org. I also urge you to call your federal Senators and Representatives and urge them to oppose CISPA and similar bills that attack internet freedom.

    This is CISPA (pdf):

  • CISPA could allow any private company to share vast amounts of sensitive, private data about its customers with the government.
  • CISPA would override all other federal and state privacy laws, and allow a private company to share nearly anything-from the contents of private emails and Internet browsing history to medical, educational and financial records-as long as it “directly pertains to” a “cyber threat,” which is broadly defined.
  • CISPA does not require that data shared with the government be stripped of unnecessary personally-identifiable information. A private company may choose to anonymize the data it shares with the government. However, there is no requirement that it does so-even when personally-identifiable information is unnecessary for cybersecurity measures. For example, emails could be shared with the full names of their authors and recipients. A company could decide to leave the names of its customers in the data it shares with the government merely because it does not want to incur the expense of deleting them. This is contrary to the recommendations of the House Republican Cybersecurity Task Force and other bills to authorize information sharing, which require companies to make a reasonable effort to minimize the sharing of personally-identifiable information.
  • CISPA would allow the government to use collected private information for reasons other than cybersecurity. The government could use any information it receives for “any lawful purpose” besides “regulatory purposes,” so long as the same use can also be justified by cybersecurity or the protection of national security. This would provide no meaningful limit-a government official could easily create a connection to “national security” to justify nearly any type of investigation.
  • CISPA would give Internet Service Providers free rein to monitor the private communications and activities of users on their networks. ISPs would have wide latitude to do anything that can be construed as part of a “cybersecurity system,” regardless of any other privacy or telecommunications law.
  • CISPA would empower the military and the National Security Agency (NSA) to collect information about domestic Internet users. Other information sharing bills would direct private information from domestic sources to civilian agencies, such as the Department of Homeland Security. CISPA contains no such limitation. Instead, the Department of Defense and the NSA could solicit and receive information directly from American companies, about users and systems inside the United States.
  • CISPA places too much faith in private companies, to safeguard their most sensitive customer data from government intrusion. While information sharing would be voluntary under CISPA, the government has a variety of ways to pressure private companies to share large volumes of customer information. With complete legal immunity, private companies have few clear incentives to resist such pressure. There is also no requirement that companies ever tell their customers what they have shared with the government, either before or after the fact. As informed consumers, Americans expect technology companies to have clear privacy policies, telling us exactly how and when the company will use and share our personal data, so that we can make informed choices about which companies have earned our trust and deserve our business.
  • On Wednesday the White House Office of Management and Budget issues a lengthy statement in opposition to CISPA and a threat to veto the bill:

  • “H.R. 3523 fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards. […]”
  • “The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes. […]”
  • It would “inappropriately shield companies from any suits where a company’s actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life. […]”
  • And finally, it “effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. […]”
  • “If H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill,” OMB
  • said.

    h/t to Joan McCarter at Daily Kos for the summery

    We at The Stars Hollow Gazette and Docudharma strongly oppose CISPA and urge you to contact your Congress person:

    Tell Congress: Keep My Inbox Away From the Government

    and to sign the petition:

    Stop CISPA