Sunday, April 29, 2012

Insanity: CISPA Got Way Worse, And Then Passed in the House On Rushed Vote

from the this-is-crazy dept
by Leigh Beadon - TechDirt
Thu, Apr 26th 2012

Update: Some have asserted that Quayle's amendment actually made CISPA better, not worse. Thoughts on that.

Until Thursday afternoon, the final vote on CISPA was supposed to be Friday. Then, abruptly, it was moved up to last Thursday—and the House voted in favor of its passage with a vote of 248-168. But that's not even the worst part.

The vote followed the debate on amendments, several of which were passed. Among them was an absolutely terrible change (pdf and embedded below—scroll to amendment #6) to the definition of what the government can do with shared information, put forth by Rep. Quayle. Astonishingly, it was described as limiting the government's power, even though it in fact expands it by adding more items to the list of acceptable purposes for which shared information can be used. Even more astonishingly, it passed with a near-unanimous vote. The CISPA that was just approved by the House is much worse than the CISPA being discussed as recently as Wednesday.

Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more "valid" uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children.
Cybersecurity crime is now defined as any crime involving network disruption or hacking, plus any violation of the CFAA.

Illegally downloading a single MP3 means you have violated CISPA. Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a "cybersecurity crime". Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government's power.

CISPA is now a completely unsupportable bill that rewrites (and effectively eliminates) all privacy laws for any situation that involves a computer. Far from the defense against malevolent foreign entities that the bill was described as by its authors, it is now an explicit attack on the freedoms of every American.


Can CISPA Be Fixed?
from the perhaps-not dept

For quite some time now it has been argued that the government should present the actual evidence for why a "cybersecurity" bill is needed. We've heard fearmongering and warnings of planes falling from the skies, but no evidence that there's a real problem here -- or, if there is a problem, that it needs a legislative solution. And CISPA moves forward, passing  the House on Thursday.

Larry Downes has taken on the question of whether or not CISPA can be fixed and has decided that it cannot be, and that it represents a real threat to some key elements of the internet ecosystem. He lists out some key rules for policy makers (and goes into great detail on each, so click through):

  1. Don’t legislate technology using definitions that are either too specific or too general. 
  2. Don’t legislate technology until you can articulate concrete and calculable harms
  3. Don’t encourage or require information sharing with the government unless it’s unavoidableAll of this seems quite reasonable... which is why it's an uphill battle to get people to follow through on it.