On April 26, Propublica reported on the Cyber Intelligence Sharing and Protection Act, or CISPA, and the debate it has inspired about the privacy of your Internet data and security. The underlying bill allows Internet providers, software companies and other private firms to share information about “cybersecurity” with the federal government — and protects them from legal liability.

The bill’s sponsors touted a handful of amendments they said addressed privacy and civil liberties concerns, but privacy activists say the amendments still don’t go far enough. The House had been set to vote on the bill today but instead passed it Thursday night, 248-168, with some changes:

How “cyber threat” information can be used: Rep. Ben Quayle, R-Ariz., proposed an amendment that limits the use of shared cyber threat information to five purposes: protecting cybersecurity, investigating cybersecurity crimes, protecting people from death or injury, protecting minors from harm, and protecting U.S. national security.

What kind of information can be shared: An amendment by Rep. Bob Goodlatte, R-Va., specifies the kind of information that can be shared, saying it must be “directly pertaining to” a threat, vulnerability, attack or unauthorized access. It also makes clear that violating a website’s terms of service — that’s the form on which you check “agree” when registering at a site like Facebook or Gmail — doesn’t constitute a cyber threat.

A second look: An amendment proposed by Rep. Mick Mulvaney, R-S.C., states that five years after the bill is enacted, Congress would have to re-examine and reauthorize it, providing an opportunity to address changes in technology or unintended consequences.

Addressing civil liberties: An amendment proposed by Mulvaney and Rep. Norman Dicks, D-Wash., says that in sharing information, the federal government should take “reasonable efforts” to limit the impact on privacy and civil liberties, consistent with the need to protect cyber threats.

Personal records: Put forth by Rep. Justin Amash, R-Mich., the amendment says the government can’t make use of educational, medical, firearms or tax return records that it receives from private companies through CISPA.

Why privacy activists are unhappy

The American Civil Liberties Union, the Electronic Frontier Foundation and other pro-privacy groups continue to argue that the bill would enable commercial interests and intelligence agencies to misuse personal information under the guise of preventing cybercrimes. The pro-privacy groups say the amendments represent an improvement but don’t offer sufficient safeguards. CISPA allows private companies to hand information directly to military and intelligence agencies, such as the National Security Agency.

Privacy activists backed amendments by Democrats to give the Department of Homeland Security authority to devise privacy protections. None made it to the floor in the GOP-controlled House.

Under the amended bill, shared information can be used for the protection of national security, not just cybersecurity. Some opponents say this is too broad and fear it would be easy for the government to justify collecting private data even when unrelated to hacking or Internet security.

What’s next 

CISPA faces a hard road in the Democrat-controlled Senate, where it must duke it out with cybersecurity bills backed by Sen. Joe Lieberman, I-Conn., and Sen. John McCain, R-Ariz. The White House said this week that advisers would recommend that President Obama veto CISPA if it ever reaches his desk.

by Megha Rajagopalan, ProPublica, April 27, 2012, 4:37 p.m.

The article In the Evening Hours, CISPA Gets Some New Features appeared first on The Toonari Post - News, Powered by the People!.

Thursday, April 26, the House of Representative approved the Cyber Intelligence Sharing and Protection Act (CISPA) on a bipartisan vote by a margin of 248 to 168, despite the threat of a possible veto by President Obama.

The Cyber Intelligence Sharing and Protection Act would allow the government to access web users’ private data and to pass on information to commercial companies on suspicion of cyber attacks and hacker threats, and it would allow also the companies to share their users’ information with the government and security agencies to ensure the networks’ security.

The Obama Administration strongly opposes the measure and it says the law repeals “important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards.”

In a statement on Wednesday, the White House has also threatened to veto the House bill.  “[CISPA] would allow broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” reads the statement. “The broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation’s economic, national security, and public safety interests.”

Instead of putting private information and cybersecurity in the hands of military and intelligence agencies, the White House would prefer a Senate measure to give the “central role” to the Department of Homeland Security, which is a civilian agency.

Despite the opposition of the Administration, the bill passed with some amendments to the original that moderate its effects and limit the government’s use of threat information to specific purposes such as the protection of individuals from death or serious bodily harm investigation and the prosecution of cybersecurity crimes; protection of minors from exploitation; and the protection of national security.

Advocacy groups, CISPA opponent coalitions and lawmakers strongly condemned the passage of the bill, arguing that these amendments are not enough to assure users’ privacy protection.

“CISPA goes too far for little reason,” said ACLU legislative counsel Michelle Richardson. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”

“In an effort to foster information sharing, this bill would erode the privacy protections of every single American using the Internet. It would create a “Wild West” of information sharing,” said Rep. Bennie Thompson of Mississippi.

CISPA was introduced by Republican Rep. Mike Rogers in November 2011 and it is supported by more than 800 private companies. Among those include Facebook, Microsoft, AT&T, Intel, IBM and Verizon.

“We can’t stand by and do nothing as US companies are hemorrhaging from the cyber looting coming from nation states like China and Russia,” said Rep. Mike Rogers. “America will be a little safer and our economy better protected from foreign cyber predators with this legislation.” “There is no government surveillance, none, not any in this bill,” he argued referring to the legislation.

Over the last weeks, activist groups and organizations like Avaaz.org, American Civil Liberties Union (ACLU), Reporters Without Borders, the Electronic Frontier Foundation, strongly criticized CISPA and launched campaigns to turn the spotlight on the internet privacy right issues tied to it.

In a video released on April 27, titled “Operation Defense. Phase II,” the famous hacker group ‘Anonymous’ called on American CISPA opponents to take the battle to the street and organize local protests at the offices of the companies that support the bill between May and June.

“Remember, you have a right to protest if you care about your freedom of speech, your right to privacy and your government censoring you. This is your time to act now. We will defend our home. Operation Defense phase two engaged. We are Anonymous. We are legion. We do not forgive. We do not forget. Supporters of CISPA, you should have expected us,” the video statement concludes.

After SOPA, CISPA is the new battle for the internet, but what will be the next? 

The article CISPA: The New Battle for the Internet appeared first on The Toonari Post - News, Powered by the People!.

Update (4/26): An earlier version of this story said a proposed amendment by Rep. Adam Schiff, D-Calif., had helped gain support for CISPA. Schiff’s amendment, which among other things would further define what’s considered a “cyber threat,” is no longer scheduled for consideration.

The Cyber Intelligence Sharing and Protection Act, up for debate in the House of Representatives today, has privacy activists, tech companies, security wonks and the Obama administration all jousting about what it means 2013 not only for security but Internet privacy and intellectual property. Backers expect CISPA to pass, unlike SOPA, the Stop Online Piracy Act that melted down amid controversy earlier this year.

Here’s a rundown on the debate and what CISPA could mean for Internet users.

What exactly is CISPA?

The act, sponsored Rep. Mike Rogers, R-Mich., and Rep. Dutch Ruppersberger, D-Md., would make it easier for private corporations and U.S. agencies, including military and intelligence, to share information related to “cyber threats.”

In theory, this would enable the government and companies to keep up-to-date on security risks and protect themselves more efficiently. CISPA would amend the National Security Act of 1947, which currently contains no reference to cyber security.  Companies wouldn’t be required to share any data. They would just be allowed to do so.

Why should I care?

CISPA could enable companies like Facebook and Twitter, as well as Internet service providers, to share your personal information with the National Security Agency and the CIA, as long as that information is deemed to pertain to a cyber threat or to national security.

How does the bill define “cyber threat”?

The bill itself defines it as information “pertaining to a vulnerability of” a system or network 2014 a definition that opponents have criticized as too broad. The bill gained support after sponsors agreed to allow votes on several amendments they said would make concessions to privacy activists; one aims to narrow the definition of “cyber threat.”

When can data be shared?

Rogers said the amended version of the bill would only enable companies and intelligence agencies to share information related to 1) cyber security purposes; 2) investigation and prosecution of cyber security crimes; 3) protection of individuals from death and bodily harm; 4) child pornography; or 5) protection of the national security of the United States.

Why are privacy activists upset about CISPA?

Privacy activists like the American Civil Liberties Union and the Electronic Frontier Foundation contend CISPA isn’t specific enough about just what constitutes a “cyber threat.” They say it enables Internet companies and service providers to hand over sensitive user information to intelligence agencies without enough oversight from the civilian side of government.

Finally, they say it does not explicitly require Internet companies to remove identifying information about users before sharing. Opponents contend, for instance, that Facebook or Twitter could share user messages with the NSA or FBI without redacting the user’s name or personal details.

CISPA also protects the private sector from liability even if they share private user information, as long as that information is deemed to have been shared for cybersecurity or national security purposes. Even though sharing is voluntary and not required under the law, privacy activists say the legal immunity CISPA provides would make it easy for the government to pressure Internet companies to give up user data.

What kind of information can be shared?

Private companies and government agencies can share any information that pertains to a “cyber threat” or that would endanger national security. That could include user information, emails, and direct messages. Companies would be allowed to share with each other as well as the government.

The government is not allowed to proactively search company-provided information for purposes unrelated to cyber security, but opponents say this would be tough to enforce. The bill does not place any explicit limit on how long that information can be kept. Several proposed amendments would limit the amount and kinds of information that can be shared, but it remains to be seen which 2014 if any 2014 will be adopted.

Is CISPA basically SOPA 2.0?

No, it’s very different.

SOPA was about intellectual property; CISPA is about cyber security, but opponents believe both bills have the potential to trample constitutional rights. The comparisons to SOPA stem from language in an earlier version of CISPA that referenced intellectual property. That wording was removed early on in response to mounting criticism. SOPA would have strengthened copyright laws, barring search engines and other websites from linking to sites that violated intellectual property regulations.

That prompted a First Amendment concern from critics that it would give government the power to block websites wholesale, trampling free speech. CISPA’s liability shield, on the other hand, has sparked a concern based on the Fourth Amendment, which protects against unreasonable search and seizure. Opponents contend the law would make it too easy for private companies and the intelligence community to spy on users in the name of cyber security.

Why are some of the tech companies that protested SOPA, like Facebook and Microsoft, now supporting this bill?

CISPA gives Internet companies the ability to share threat information with intelligence agencies and receive information back from them, an ability they say would enable them to deal with cyber threats more effectively. It does not compel them to protect users’ privacy (though a variety of proposed amendments aim to add more stringent privacy protections). Companies could not be held liable for divulging a user’s identity or data to the government if the information relates to a “cyber threat.”

What’s the Obama administration’s take?

The White House is backing a Senate bill proposed by Homeland Security and Governmental Affairs Committee Chairman Sen. Joe Lieberman, I-Conn., and has threatened to veto CISPA. Officials cite a lack of personal privacy protections. They say CISPA would enable military and intelligence agencies to take on a policing role on the internet, which the administration points out is a civilian sphere.

What is CISPA’s path forward in Congress?

A vote is set for Friday. CISPA has accumulated more than 100 cosponsors and will most likely pass the House. “This isn’t about scrambling to meet 218 votes, we are well past that,” co-sponsor Rogers said during a conference call with reporters. But the Senate is a different story 2014 there, it must compete with the Lieberman cyber security bill and one from Sen. John McCain, R-Ariz.

Would CISPA really make us more secure?

It’s unclear.

Some cyber security specialists note that neither CISPA nor other cyber security bills in Congress would compel companies to update software, hire outside specialists or take other measures to preemptively secure themselves against hackers and other threats. CISPA’s backers respond that the bill would forestall a “digital Pearl Harbor,” allowing a freer flow of information for a quicker and more effective response to hackers by both the government and the private sector.

by Megha Rajagopalan ProPublica, April 26, 2012, 1:16 p.m.

The article Is CISPA SOPA 2.0? We Explain the Cybersecurity Bill appeared first on The Toonari Post - News, Powered by the People!.