'Privacy killer' CISPA is coming back, whether you like it or not
Summary: Dubbed a "privacy killer" by online activists, love it or hate it, the cyber-security CISPA bill will likely be brought into law—whether it's from the reintroduction of the bill by the U.S. House Intelligence Committee, or President Obama issuing (yet another) executive order.
Oh, those crazy kids in Washington are back on it again.
In just one week, both the Homeland Security Secretary Janet Napolitano and Defense Secretary Leon Panetta warned that U.S. critical national infrastructure—including water, electricity, and gas networks—were vulnerable to hackers and the U.S. could be hit by a "cyber-9/11".
Napolitano even urged Congress to pass legislation governing areas of cyber-security so that the U.S. government could share information with the private sector, which may help prevent cyber-attacks on infrastructure critical to U.S. national security.
So, that's what they're planning to do. And you can stamp your feet as much as you want, the way it's looking, the proposals will be brought into law whether you like it or not.
And for the record, I'll be there stamping my feet with you.
The cyber-security bill, dubbed CISPA—the Cyber Intelligence Sharing and Protection Act— that was shelved once it passed the U.S. House after the U.S. Senate began work on its own set of measures.
It would have effectively given the green card to American private-sector businesses to hand ordinary citizen data (and therefore potential intelligence) back to the U.S. government in order to thwart primarily cyber-attacks—but also what could potentially be terrorist attacks.
This, as you might expect, caused an uproar among the online community who believed that private companies could effectively hand over data—such as cell phone records, email records, and even Facebook and Twitter data—directly into the hands of U.S. intelligence.
Even the White House was concerned, and threatened to veto the bill altogether.
But now, there are two separate reports that suggest CISPA could be heading back to the Congressional table, but also that President Obama may bypass his lawmakers altogether and issue his own executive order.
First off, according to The Hill, ranking member of the U.S. House Intelligence Committee Rep. Dutch Ruppersberger (D-MD) said he plans to reintroduce CISPA back into the House. By working with the White House directly, Ruppersberger hopes to alleviate some of the government's concerns.
Failing that, however, Obama could issue an executive order on the matter as soon as next week, according to Bloomberg's sources. It's expected to be released just after the State of the Union address this coming Tuesday.
CISPA was a tricky law to get your head around. It defined cyber-security threats as efforts to "disrupt, degrade, destroy or gain unauthorized access to any system or network, whether privately owned (by a company) or owned by government," said ZDNet's Violet Blue, who covered the topic extensively and in great detail.
But arguments have been made that suggest such attempts to "disrupt [or] degrade" a network—commonly known as a denial-of-service (DoS) attack—could in fact be a method of online protest.
While some questioned whether DoS or DDoS (distributed denial-of-service) attack are the modern equivalent of a sit-in protest, it is now a matter for the courts to decide, reports Techdirt. The argument is that in some cases it is not a malicious act. There is no malware and nothing is stolen. It is, arguably, when carried for the sole reason of protesting, the same as creating an impromptu flash-mob protest, except using a computer rather a person's physical being.
There was even a petition to the White House on the topic in the last few days that failed to gain traction. Only 6,000 people signed the petition, while 25,000 signatures were needed during a 30-day period to see it earn an official response. (The White House now needs four-times as many signatures after one petition asked the U.S. government to build a Death Star.)
Privacy activist Asher Wolf told ReadWrite last month: "There is no way in hell the White House will ever legalize DDoS."
But as CISPA rears its ugly ahead again, as will those pesky activists who fight on our behalf for our online freedoms and privacy protection.
Web inventor Sir Tim Berners-Lee, along with the American Civil Liberties Union (ACLU), Firefox browser-maker Mozilla, and Reporters Without Borders, among many others, all opposed the Bill.
The bill was, however, supported by AT&T, Facebook, IBM, Intel, Oracle, Symantec, Verizon, and others—although, it was strange considering only months before many of the aforementioned firms came out against the Stop Online Piracy Act (SOPA), which led to the effectively shuting down of the Web for a day.
The CISPA threat led to the Internet Defense League—a threat-level group set up after the SOPA revolt—calling to arms, and asking everyone who cares about online freedom and privacy to get involved to prevent CISPA from becoming law. In a statement, the group that these "bills would end online privacy, treating everyone like criminals instead of making us more secure."
Despite Obama's warnings that he would veto CISPA the first time around, as the past has dictated, if Congress doesn't play ball then the President will just take it and sign an executive order anyway.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
wait who here thinks this isn't already happening?
You forgot 'private' email, too
ah..
Seriously dude, did you even read the article before you posted that?
Glad you mentioned that
"Don't put crap online...else seeing."
How about you give me the passwords to all of your logins on the Internet? I promise I won't change/edit anything. I just want to take a look! You have nothing to hide so why not?
Send your passwords to the e-mail account listed under my ZDNet profile. Thanks for keeping America safe!
Obama won't sign it
Here is why ATT, Facebook, and other "surprising" companies support it.
And the sheeple will still be out their posting their private lives for the world to see anyway. They will gladly give up their privacy for the illusion of security that will actually accomplish nothing.
Does any one remember that we're supposed to be living in a democracy ???
There is a difference between that statement and I the President.
Hmmm...
well..
Apathy
Respect,
-Brent
Content Free Article
List your objections to the bill, with actual citations and quotes from the text, and maybe we'll have something to discuss, but this is just FUD.
As one who spends my working life trying to catch online criminals and help the authorities to arrest them, I can tell you that we need some major reforms in our laws. While there may be some legitimate concerns about this bill, I think it's largely a good idea.
Speaking of being vague...
This is all very interesting but.
Are we all forgetting history here?
The President, it has been foretold by numerous media sources, will be announcing the CISPA Executive Order from the Commerce Department on Wednesday. Rather than waiting for Congress to make law, the President has decided to do it himself. Interestingly enough, when Truman did exactly the same thing many years ago by providing instructions to the Commerce Department, the U.S. Supreme Court overturned and invalidated his Executive Order in 1952.
As you may know, a President cannot make law with an Executive Order. In the U.S. Supreme Court case of Youngstown Sheet & Tube Co. v. Sawyer - 343 U.S. 579 (1952), it was decided that "The Order cannot properly be sustained as an exercise of the President's military power as Commander in Chief of the Armed Forces" and "The power here sought to be exercised is the lawmaking power, which the Constitution vests in the Congress alone, in both good and bad times."
The record of decision in this case further states, "Even if it be true that other Presidents have taken possession of private business enterprises without congressional authority in order to settle labor disputes, Congress has not thereby lost its exclusive constitutional authority to make the laws necessary and proper to carry out all powers vested by the Constitution "in the Government of the United States, or any Department or Officer thereof."
In short, the "Executive Order was not authorized by the Constitution or laws of the United States, and it cannot stand." Basically this was because Truman attempted to use lawmaking power via an Executive Order.
President Obama is about to release a cybersecurity Executive Order. Part of the draft text of this Executive Order which I have read, states, relating to "Voluntary Critical Infrastructure Cybersecurity Program," that the Secretary "shall establish" a "voluntary program." This "voluntary program" referred to in the draft (now finalized and about to be released) Executive Order is the Department of Defense - Defense Industrial Base Voluntary Cyber Security and Information Assurance (DoD CISPA rule). This rule (DOD–2009–OS–0183/RIN 0790–AI60) is now final. President Obama's Executive Order is thus an attempt to make law by incorporating this rule into an Executive mandate which would apply across networks, with the President and Administration officials in direct command of an army of private contractors, who would use as described by this proposal, the "Defense Cyber Crime Center's DoD-DIB Collaborative Information Sharing Environment" to let private corporations submit tips to DoD about people accessing "unclassified" networks.
The Executive Order about to be released is (just as Truman's E.O. 10340 was) an attempt to make law, and therefore is invalid.
As we reflect on our Fourth Amendment and many other aspects of our Constitution that the Administration has been diligently working to put obstacles in front of so that people will have a more difficult time implementing and exercising their rights, we should remember also these words, from the U.S. Supreme Court decision of Marbury v. Madison:
"A law repugnant to the Constitution is void(...)"
President Obama should cease or defer any executive action on this matter and acknowledge the lawmaking authority of Congress.
Privacy vs Paranoia
My facebook profile reads "Need to Know (NTK) and, if you're reading this, you don't," and I'm so lazy on facebook that, if you don't know me in person, you'll learn virtually nothing about me anyway. However, I remain amazed at the sort of personal information that people will self-publish.
"Self-publishing" aside, this is more an issue of information that we are generally forced to supply to corporate and government bodies, including Credit Card details. If all of this information is going to become an "open house" then it equally becomes an "open house" for Identity Theft----I'll just nip over to facebook and self-publish my Tax File Number...