CISPA, the sweeping cyber-surveillance bill that is gallumphing through Congress despite its constitutional deficiencies, has hit a snag. The Office of Management and Budget has recommended that Obama veto the bill, should it reach his desk. The bill's up for a vote on Friday. Here's Cyrus Farivar, writing about it on Ars Technica:
"Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security," the e-mail states. "The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues. However, for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill."
The eight-paragraph message articulates various reasons why the OMB opposes the bill, including that the bill "significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres" and that it "also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes."
CISPA veto recommended by White House, bill's authors defend it
Forest sez, "The Creators of 'The Day the LOLcats Died' bring you a new video in protest of CISPA: We appointed a Congressional committee to create a video opposing CISPA, a new bill being voted on later this week in the House of Representatives. This is what they came up with. Don't let Congress make things for the Internet. Oppose CISPA today. The EFF has a great tool to help."
Zakkai from Fight for the Future (the folks who brought you the war on SOPA) sez, "Want to fight for Internet privacy with cute cat photos? CISPAcat is a new advice animal that wants nothing more than to spy on your internet activity. He's the child of the privacy-killing cybersecurity bill CISPA and the equally creepy ceiling cat. Check him out and submit your own. Curious why CISPA is so bad? Read about it at the EFF's website."
CISPA CAT IS WATCHING YOU
Zakkai sez, "We have the feeling that even CISPA's sponsors don't understand how ridiculous their bill is. Do government agencies and corporations really need to be able to spy on us all the time for any reason? To draw attention to how unnecessary and inappropriate CISPA is, Fight for the Future is launching the CongressTMI campaign along with a coalition of organizations including the ACLU, EFF and Avaaz. The CongressTMI campaign organizes internet users to flood CISPA sponsors' Twitter accounts with our uninteresting and useless personal data (Too Much Information or TMI) - the kind of information that the government will have access to if CISPA passes. But if it does pass, we won't be able to keep the government away from data we don't think is funny, like our personal email or search history. In fact, we'll barely have any privacy rights at all. Hopefully this deluge of mundane crap will be enough to open some eyes in congress and get some internet citizens excited about fighting for their rights."
Congress ending privacy with CISPA? Fight back with TMI!
A coalition of US civil liberties organizations have declared this to be Stop Cyber Spying Week, with the goal of scuttling CISPA, the Internet spying bill that promotes web-censorship, bulk surveillance, and warrantless wiretapping by government and Internet companies, while turning over spying governance to the unaccountable, secretive NSA.
CISPA's supporters, notably CISPA sponsor Rep Mike Rogers (R-MI), have pooh-poohed the Internet's concerns, and say that the bill is a lock, and nothing we say can change Congress's mind (apparently, they've forgotten the lesson of SOPA). Now, the Electronic Frontier Foundation replies with specific, Internet-breaking, out-of-control surveillance scenarios CISPA would create:
One of the scariest parts of CISPA is that the bill goes above and beyond information sharing. Its definitions allow for countermeasures to be taken by private entities, and we think these provisions are ripe for abuse. Indeed, the bill defines "cybersecurity purpose" as any threat related to safeguarding or protecting a network. As long as companies act in "good faith" for a cybersecurity purpose, they have leeway to protect against “efforts to degrade, disrupt, or destroy [a] system or network.” This opens the door for ISPs and other companies to perform aggressive countermeasures like dropping or altering packets, so long as this is used as part of scheme to identify cybersecurity threats. These countermeasures could put free speech in peril, and jeopardize the ordinary functioning of the Internet. This could also mean blocking websites, or disrupting privacy-enhancing technologies such as Tor. These countermeasures could even serve as a back door to enact policies unrelated to cybersecurity, such as disrupting p2p traffic.
Yes, CISPA Could Allow Companies to Filter or Block Internet Traffic
US Secretary of State Hillary Clinton has repeated her view that the world's governments should respect Internet freedom, telling the Brasilia Open Government Summit that the world is dividing into "open" and "closed" societies characterized by their attitude towards net freedom. It's a laudable sentiment, but as they say, "We know you love freedom, we just wish you'd share." After all, America is one of the world's leading exporters of Internet censorship and surveillance laws (in the form of its intervention into copyright laws, as well as instigating unaccountable, secret copyright treaty negotiations like ACTA and TPP. They're also the world's leading exporter of Internet surveillance and censorship technology, thanks first to the US national requirement that telcoms companies buy equipment that allows for direct police surveillance, and the aggressive sale of this surveillance and control technology to the world's dictatorship by US firms.
Speaking at the inaugural meeting of the Open Government Partnership in Brasilia, she said countries could only become more secure and peaceful if they were open. "In the 21st century, the US is convinced that one of the most significant divisions between nations will be not between east or west, nor over religion, so much as between open and closed societies," she said.
"We believe those governments that hide from public view and dismiss ideas of openness and the aspirations of their people for greater freedom will find it increasingly difficult to create a secure society."
It's particularly galling that Secretary Clinton made these remarks even as the US Congress is poised to pass CISPA, which establishes a national US regime of censorship and warrantless surveillance.
Open or closed society is key dividing line of 21st century, says Hillary Clinton
(Image: Clinton Rally 90, a Creative Commons Attribution Share-Alike (2.0) image from kakissel's photostream)
CISPA, the pending US cybersecurity bill, is a terrible law, with many of the worst features of SOPA -- surveillance and domain seizures and censorship and so on. What's more, it is being supported by one of the largest Web companies in the world: Facebook. DemandProgress is asking its supporters to write to Facebook and ask them to withdraw their support.
What is Facebook thinking? They've signed on in support of CISPA -- the new bill that would obliterate online privacy, give the military crazy new abilities to spy on the Internet, and potentially let ISPs block sites and cut off users accused of piracy.
Tell Facebook: Withdraw Your Support For CISPA
CISPA, the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), is a successor, of sorts, to the loathesome SOPA legislative proposal, which was shot down in flames earlier this year. EFF's chilling analysis of the bill shows how it could be used to give copyright enforcers carte blanche to spy on Internet users and censoring the Internet (it would also give these powers to companies and governments who'd been embarrassed by sites like Wikileaks).
Under the proposed legislation, a company that protects itself or other companies against “cybersecurity threats” can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company under threat. But because “us[ing] cybersecurity systems” is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a “cybersecurity threat” would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in “good faith.”
The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”
Yes, intellectual property. It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.
There's a DemandProgress petition against CISPA (DemandProgress was one of the leaders of the SOPA fight).