A day ahead of schedule, the House approved CISPA.
The vote was 248 to 168, as 42 Democrats joined 206 Republicans in backing the bill. The “no” votes were cast by 140 Democrats and 28 Republicans
Despite these numbers, my readers will no doubt insist on trying to convince me that both parties are equally culpable. Take that bullshit to some other blog.
Some observers argue that the amended version is, as this author
puts it, only "slightly less creepy." In fact, the rewritten bill is much worse
Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.
Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a "cybersecurity crime". Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government's power.
"Protection of individuals"? That wording is far too broad. BDSM fantasists can be targeted under CISPA. We're in Minority Report
territory here -- prosecuting people for crimes that have not been committed yet.
We are best protected by a justice system that respects our privacy. We don't want our every online communication scrutinized by unseen spies. We want a system that disallows searches by anyone other than a cop armed with a warrant.
As Orson Welles once wrote: Police work is easy only in a police state.
Here's the EFF's take
Minimization Retention and Notification Amendment This amendment has a somewhat misleading title because it does little to actually “minimize” the retention of sensitive user data. In short, the amendment states that if a department or agency receives information that actually isn’t related to cyber security threats, they shall “notify” the entity that gave them the information. This amendment also says that data won’t be kept for purposes other than what has been outlined in the bill—but doesn’t actually narrow the expansive reasons that data can be kept.
The bill also states that the government “may” choose to “undertake reasonable efforts to limit the impact on privacy and civil liberties.” There’s no mandate to do so and no explanation of what constitutes “reasonable efforts.”
Definitions Amendment—We’ve been highly critical of the overbroad ways in which “cyber security” is defined in the bill. We’re concerned that typical privacy-protective measures like using Tor or pseudonyms might be deemed “cyber threat information” under the vague definitions of CISPA. The good news is that this amendment excludes intelligence pertaining to efforts to gain unauthorized access that “solely involve violations of consumer terms of service or consumer licensing agreements and do not otherwise constitute unauthorized access.” This is a step in the right direction because at least signing up for Facebook with a pseudonym is unlikely to get you reported to the FBI for attempting to gain “unauthorized access.”
Unfortunately, this amendment doesn’t address the serious problems with the vague definitions. Even after amendments, “Cybersecurity system" defines the system that “cybersecurity providers” or self-protected entities use to monitor and defend against cyber threats. This is a “system” intended to safeguard “a system or network.” The definition could mean anything—a Local Area Network, a Wide Area Network, a microchip, a website, online service, or a DVD. It might easily be stretched to be a catch-all term with no meaning. For example, it is unclear whether DRM on a DVD constitutes a “cybersecurity system.” And such a “cybersecurity system” is defined to protect a system or network from “efforts to degrade, disrupt or destroy”—language that is similarly too broad. Degrading a network could be construed to mean using a privacy-enhancing technology like Tor, or a p2p protocol, or simply downloading too many files.
If I understand the EFF correctly, making use of a Virtual Private Network could be considered an assault on a cybersecurity system. VPNs are much like Tor or a proxy server -- they allow you to route all your traffic through an unrelated server. A lot of people use VPNs to watch the BBC outside of the U.K., or to watch Hulu outside of the United States.
The new law is so broad that you may be consider a "cybersecurity threat" if you simply try to hide your identity.
Under this law, the military will have the power to collect all sorts of data on innocent Americans. If you still don't understand the scope of the danger, let me turn on all the lights for you: Although the CIA is prohibited by statute from operating domestically, that statute does not cover the Defense Department's new DCS
. I can't think of any other reason why the DCS was brought into existence without any notable public debate.
We didn't need yet another intelligence service in order to fight terrorists. The new spooks will be spooking you
. And CISPA gives the intelligence community all the tools necessary to track your every movement. your every association -- your every thought
What made CISPA so controversial is a section saying that, “notwithstanding any other provision of law,” companies may share information with Homeland Security, the IRS, the NSA, or other agencies. By including the word “notwithstanding,” CISPA’s drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more.
Now the battle for privacy goes to the Senate. Here's how to petition your senators
We must also put pressure on the White House. And I'm talking about an unprecedented
amount of pressure.
I don't want to hear any defeatist caterwauling. True, I'm a cynic by nature, and nobody ever called me an Obama fan. But the fact remains -- he may soon be the only protection we have against the passage of this bill.
At this writing, the White House threat to veto CISPA remains operational. So...there's that
. We have to make sure that Obama understands that if he fucks us this
time, Dems will finally rebel.
This is it. We must draw a line, and we must inform the President in no uncertain terms that he dare not cross it. Tell Obama: If you don't veto, we don't vote.