Washington, D.C. was alive yesterday with the squeak of lobbyist cash lubricating Congress to thrust a controversial new law on the American public. The new bill is on the surface similar to big media’s Orwellian SOPA (Stop Online Piracy Act) (H.R. 3261). But while a merry brand of citizen activism struck down SOPA and its Senate equivalent — the “PROTECT IP Act” (PIPA) (S.968) — in the eleventh hour, this time around there were no massive protests to derail the bill.
I. Cash Pushes CISPA Through
The last time around sponsors like Viacom, Inc. (VIA), Time Warner, Inc. (TWX), and Sony Corp.’s (TYO:6758) movie and music subsidiaries paid a whopping $86M USD (source: Maplight) to active Senators alone over the last six-year cycle, only to see their carefully laid plans dashed when the PROTECT IP Act.
With the defeat of PIPA, big media moved on, partnering with internet service providers to police file sharers via “six strikes” systems.
But a new coalition of special interests, which include America’s two largest cellular service providers AT&T, Inc. (T) and Verizon Wireless — jointly owned by Verizon Communications Inc. (VZ) and Vodafone Group Plc. (LON:VOD) — as well as two of the nation’s largest software firms Microsoft Corp. (MSFT) and Intel Corp. (INTC), came together to create a similar data grab bill (Microsoft has since renounced its support). Security firms like Symantec Corp. (SYMC) also backed the bill.
That bill — the “Cyber Intelligence Sharing and Protection Act” (CISPA) (H.R. 3523) — passed the house by a healthy 288-to-127 margin.
CISPA passed by a healthy margin (Yeas are dark). [Image Source: GovTrack]
Pushing the bill through was $84M USD in funding from special interest backers (source: Maplight). With the average cost of a House seat running at a cool $1.44M USD in 2010 (source: OpenSecrets), that represents nearly 13 percent of the total cost of election for the 435 members of Congress.
CISPA was backed by nearly as much lobbyist cash as SOPA. [Image Source: i-Sight] Perhaps that’s why 92 members of the Democratic minority joined with 196 members of the Republican majority in passing the measure, despite opposition from President Obama (D).
II. Supporters Defend “Voluntary” Warrantless Sharing
The bill in essence will create an open door that allows corporations to voluntarily share citizens’ records with the government without the government issuing warrants. Some companies find that appealing for a variety of reasons. First, some may be hoping to snag lucrative contracts to handle that data. Second, some may view it as protection against large-scale threats like Chinese hackers. Third, some feel that its language protects them from financial fallout of citizen lawsuits.
Corporate backers also appreciate that the government isn’t trying to force them to share information on threats — that was a major bone of contention about SOPA.
Sponsor Rep. Mike Rogers (R-Mich.) has long said the purpose of CISPA is to protect vital parts of America’s connected infrastructure — like utilities or cellular systems — from attack from China, Iran, and other hostile foreign internet powers.
When foreign hackers steal trade secrets, US loses high paying jobs. Losses range up to $400 bil from cyber economic espionage #CISPA
— Mike Rogers (MI-08) (@RepMikeRogers) April 17, 2013
In a document “CISPA: Myth v. Fact” [PDF], Rep. Rogers and the bill’s other backers defend it, pointing out that the bill limits when the government can collect data — namely, in response to “cybersecurity threats”, to assist in the investigation of violent crimes, or to counter child exploitation.
Rep. Rogers may have a bit of vested interest — his wife Kristi Clemens Rogers is CEO of Aegis LLC a “security” defense contractor company, who could score lucrative contracts to provide cybersecurity “solutions” to the government under CISPA. Her company already has a $10B USD contract with the U.S. Department of State.
III. Innocent Bystanders Could be Exposed
To be fair, he’s right. Versus SOPA, the language regarding privacy is seemingly much stronger and the scope of warrantless information passing is seemingly much narrower. But some argue that even cracking open the door of warrantless surveillance may lead to problems.
That’s the position of the Electronic Frontier Foundation (EFF) and American Civil Liberties Union (ACLU). The ACLU writes:
[CISPA] would threaten Americans’ privacy while immunizing companies from any liability should that cyberinformation-sharing cause harm.
One scenario that the bill could lead to trouble is if a public/shared connection or an infected citizen computer is used in an attack. Under such circumstances, innocent bystanders could have their email or browsing history seized despite not personally committing the crime under investigation.
If a shared connection at a coffee shop is used in an attack, your records could be seized.
[Image Source: Google Images/Unknown]
On Monday Rep. Ron Paul (R-Tex.) slammed the bill, reiterating previous criticism. In a post he says CISPA represents “the new SOPA”, “the latest assault on internet freedom”, an “alarming form of corporatism,” and a “Big Brother writ large.”
Rep. Ron Paul blasted CISPA on Monday. [Image Source: AP]
Rep. Paul did manage to amend the bill to protect firearms and library records from warrantless surveillance. Rep. Paul abstained from the final vote on the bill, which saw only one of his suggested three amendments made.
IV. Obama Threatens to Veto Bill
The bill now goes on to the Senate.
President Obama (D) has for a second time threatened to veto [PDF] the bill, should it pass the Senate. On the surface the stand is somewhat puzzling — the President supported a similar Senate bill (S.2105 [PDF]). The President has even pushed through measures similar to the bill’s language with executive orders.
President Obama has threatened to veto the bill. [Image Source: AFP/Getty Images]
One bone of contention appears to be “data cleansing” — removing information irrelevant to an investigation before passing it to the government. Writes his office:
…the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable…for failing to safeguard personal information adequately.
Furthermore, CISPA allows information on internal (domestic) threats to be passed to military and intelligence organizations primarily tasked with the defense of the U.S. against foreign threats, including the U.S. Department of Defense (DOD) and the U.S. National Security Agency (NSA). President Obama preferred the information to solely be controlled by the U.S. Department of Homeland Security (DHS), a domestic security agency.
His office complains:
The Administration supports the longstanding tradition to treat the Internet and cyberspace as civilian spheres…[and] newly authorized information sharing for cybersecurity purposes from the private sector to the government should enter the government through a civilian agency.
Of course the President’s DoD appointees recently declared that internet attacks from foreign powers could be construed as an act of war, so this statement is somewhat inconsistent.
Nonetheless, under the threat of veto don’t expect the Democratic-controlled Senate to be too eager to quickly take up the issue. That means that for now only similar executive orders from President Obama will be in place.
The piracy police made one 9-year-old a very unhappy camper
ZMAX will come with a Snapdragon 400 processor and 720p display
UC Davis dares to go where Toyota won't with the Prius
An Apple spokesperson fires back over Microsoft's latest commercials
Engadget gets the scoop on Dell's latest "ultra-portable" notebook