A highly controversial bill in the US may have hit a new roadblock. President Obama has threatened to veto CISPA (Cyber Intelligence Sharing and Protection Act), a bill that would increase surveillance of American citizens.
CNet is reporting that the Obama administration is threatening to veto the latest surveillance bill, CISPA. The White House statement says, “The American people expect their Government to enhance security without undermining their privacy and civil liberties. Without clear legal protections and independent oversight, information sharing legislation will undermine the public’s trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections.”
While critics of CISPA are no doubt getting a sense of relief from the news, some like Demand Progress, are still urging people to add their voice to the growing list of people concerned about the law.
Even though there is growing momentum to stop this surveillance bill, some might remember a different piece of legislation which Obama threatened to veto, but never did. That would be the National Defense Authorization Act of 2012 (NDAA) which would permit the government to indefinitely detain American citizens should the president not issue a waver saying otherwise. On the other hand, CISPA is different in that it doesn’t contain as many provisions that would make the bill a “must pass” piece of legislation. So, there is reason for critics of CISPA to be cautiously optimistic in this case.
Even if CISPA does get vetoed, many well-tuned privacy experts will know that the war over personal privacy is far from over. This is because there is still another piece of legislation known as HR 1981 or the “Protecting Children From Internet Pornographers Act of 2011″. According to a report on Slashgear earlier this year, the legislation would effectively compel ISP’s to record all your internet activities, regardless of whether or not you’ve done anything wrong, and store it for a period of one year. So, even if Obama veto’s CISPA, it won’t mean that privacy is fully protected now.
Some Background on CISPA
CISPA was widely seen as a sort of SOPA 2.0 in its earlier iteration. This is partly because it would make ISPs funnel internet traffic information to the government or any number of private entities should a “cyber threat” be detected. This included activities involving intellectual property.
While this was a major concern for many, a later iteration of the bill removed provisions that mentioned intellectual property.
While this fixed the SOPA 2.0-like provisions, critics point out that CISPA still allows the government to have too much access to network traffic on the Internet. For instance, the Electronic Frontier Foundation made the following comments on CISPA:
Under CISPA, private companies may spy on user communications, whether stored or in transit, and freely pass personal information to the government as long as they claim a vague “cybersecurity” exception. In a press call, Rep. Rogers stated that the bill “does not provide any authority for the government to monitor private networks or read private e‑mail,” yet the bill allows private companies to use vaguely defined “cybersecurity systems” to “identify and obtain” information on any relevant cyber threat and then send the communications (without de-identifying the data) to the government. As long as companies act in “good faith” and the collection is for a “cybersecurity purpose”—a purpose as vague as protecting or securing any network from degradation or disruption—there are no limits on what type of information can be intercepted and shared. In short, surveillance would be outsourced to private companies that are not governed by the Fourth Amendment.
The EFF has also called CISPA an erosion of civil liberties.
The American Civil Liberties Union (ACLU) also commented on the legislation:
Think for a minute about all the things in your life that are kept on computers, but you would like to keep private. How about your medical records? Your banking and financial records? What about your education or library records? How about the things you bought on Amazon last year? Or those love letters you emailed? Or the political opinions you share with close friends? Do you think the bureaucrats and spies at the National Security Agency have any right to gather that information on you, when you’ve done absolutely nothing wrong? What if we tell you that once the NSA has the information, it can keep it forever, share it with whomever it deems necessary, and that no court will be able to look over the NSA’s shoulder and keep it in check? Yet that is exactly the scheme envisioned by the champions of CISPA.
“The basis for the Administration’s view is mostly based on the lack of critical infrastructure regulation, something outside of our jurisdiction. We would also draw the White House’s attention to the substantial package of privacy and civil liberties improvement announced yesterday which will be added to the bill on the floor. The SAP was limited to the bill in “its current form” – however, as the bipartisan managers of the bill announced yesterday – they have agreed to a package of amendments that address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans. Congress must lead on this critical issue and we hope the White House will join us.”
Congress Vows to Make Amendments
In the wake of the veto threat, it seems that Congress is considering amendments to the legislation as part of an effort to gain the presidents signature. From the International Business Times (Hat tip):
One of the amendments being proposed in order to tackle these concerns would limit the scope of when CISPA’s provisions could be enacted to cases that concern cyber attacks and crimes, national security threats, violence, theft and child pornography issues. This would help to stop it from being used to target legal free speech that the government may be concerned about that does not seem to indicate a major threat.
Another amendment is aimed at ensuring that companies are more liable for their decisions to hand information over to the government, as well as what information they release, than they would have been under the original bill.
Whether or not such amendments would stave off a veto remains to be seen.