'Privacy killer' CISPA is coming back, whether you like it or not

'Privacy killer' CISPA is coming back, whether you like it or not

Summary: Dubbed a "privacy killer" by online activists, love it or hate it, the cyber-security CISPA bill will likely be brought into law—whether it's from the reintroduction of the bill by the U.S. House Intelligence Committee, or President Obama issuing (yet another) executive order.

Here's why CISPA is coming back, whether you like it or not. (Credit: Internet Defense League)

Oh, those crazy kids in Washington are back on it again.

In just one week, both the Homeland Security Secretary Janet Napolitano and Defense Secretary Leon Panetta warned that U.S. critical national infrastructure—including water, electricity, and gas networks—were vulnerable to hackers and the U.S. could be hit by a "cyber-9/11".

Napolitano even urged Congress to pass legislation governing areas of cyber-security so that the U.S. government could share information with the private sector, which may help prevent cyber-attacks on infrastructure critical to U.S. national security.

So, that's what they're planning to do. And you can stamp your feet as much as you want, the way it's looking, the proposals will be brought into law whether you like it or not.

And for the record, I'll be there stamping my feet with you.

The cyber-security bill, dubbed CISPA—the Cyber Intelligence Sharing and Protection Act— that was shelved once it passed the U.S. House after the U.S. Senate began work on its own set of measures.

It would have effectively given the green card to American private-sector businesses to hand ordinary citizen data (and therefore potential intelligence) back to the U.S. government in order to thwart primarily cyber-attacks—but also what could potentially be terrorist attacks.

This, as you might expect, caused an uproar among the online community who believed that private companies could effectively hand over data—such as cell phone records, email records, and even Facebook and Twitter data—directly into the hands of U.S. intelligence.

Even the White House was concerned, and threatened to veto the bill altogether.

But now, there are two separate reports that suggest CISPA could be heading back to the Congressional table, but also that President Obama may bypass his lawmakers altogether and issue his own executive order.

First off, according to The Hill, ranking member of the U.S. House Intelligence Committee Rep. Dutch Ruppersberger (D-MD) said he plans to reintroduce CISPA back into the House. By working with the White House directly, Ruppersberger hopes to alleviate some of the government's concerns. 

Failing that, however, Obama could issue an executive order on the matter as soon as next week, according to Bloomberg's sources. It's expected to be released just after the State of the Union address this coming Tuesday.

CISPA was a tricky law to get your head around. It defined cyber-security threats as efforts to "disrupt, degrade, destroy or gain unauthorized access to any system or network, whether privately owned (by a company) or owned by government," said ZDNet's Violet Blue, who covered the topic extensively and in great detail. 

But arguments have been made that suggest such attempts to "disrupt [or] degrade" a network—commonly known as a denial-of-service (DoS) attack—could in fact be a method of online protest.

While some questioned whether DoS or DDoS (distributed denial-of-service) attack are the modern equivalent of a sit-in protest, it is now a matter for the courts to decide, reports Techdirt. The argument is that in some cases it is not a malicious act. There is no malware and nothing is stolen. It is, arguably, when carried for the sole reason of protesting, the same as creating an impromptu flash-mob protest, except using a computer rather a person's physical being.

There was even a petition to the White House on the topic in the last few days that failed to gain traction. Only 6,000 people signed the petition, while 25,000 signatures were needed during a 30-day period to see it earn an official response. (The White House now needs four-times as many signatures after one petition asked the U.S. government to build a Death Star.)

Privacy activist Asher Wolf told ReadWrite last month: "There is no way in hell the White House will ever legalize DDoS."

But as CISPA rears its ugly ahead again, as will those pesky activists who fight on our behalf for our online freedoms and privacy protection.

Web inventor Sir Tim Berners-Lee, along with the American Civil Liberties Union (ACLU), Firefox browser-maker Mozilla, and Reporters Without Borders, among many others, all opposed the Bill.

The bill was, however, supported by AT&T, Facebook, IBM, Intel, Oracle, Symantec, Verizon, and others—although, it was strange considering only months before many of the aforementioned firms came out against the Stop Online Piracy Act (SOPA), which led to the effectively shuting down of the Web for a day.

The CISPA threat led to the Internet Defense League—a threat-level group set up after the SOPA revolt—calling to arms, and asking everyone who cares about online freedom and privacy to get involved to prevent CISPA from becoming law. In a statement, the group that these "bills would end online privacy, treating everyone like criminals instead of making us more secure."

Despite Obama's warnings that he would veto CISPA the first time around, as the past has dictated, if Congress doesn't play ball then the President will just take it and sign an executive order anyway.

Topics: Privacy, Government US, Legal, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • wait who here thinks this isn't already happening?

    Smarten up. Don't put crap online you're worried about everyone else seeing. The US government is the least of your worries about who else will see it.
    Johnny Vegas
    • You forgot 'private' email, too

      Because this would also affect the very private things you do online. Oh, including your ISP, who may well give your browsing history to the U.S. government say, I dunno, they 'suspect' you (which is a very loose term anyway), of accessing something you probably shouldn't have.
    • ah..

      The old "If you're not doing anything illegal, you shouldn't be afraid." defense.

      Seriously dude, did you even read the article before you posted that?
      Benjamin NElson
      • Glad you mentioned that

        Because "I have nothing to hide" doesn't exist. Everyone has something. And, even if you apparently don't, do you still want a bunch of people reading through your files, looking at your pictures, and trampling all over your Fourth Amendment rights?
    • "Don't put crap online...else seeing."

      So it would be okay with you if I read all of your personal e-mails? What about all of the Google searches you have ever looked up?

      How about you give me the passwords to all of your logins on the Internet? I promise I won't change/edit anything. I just want to take a look! You have nothing to hide so why not?

      Send your passwords to the e-mail account listed under my ZDNet profile. Thanks for keeping America safe!
      Urban G
  • Obama won't sign it

    A CISPA-like bill will cause retaliation by people you don't want (any more) retaliation from, and he's no dummy.
  • Here is why ATT, Facebook, and other "surprising" companies support it.

    They support it because it makes things easy for them. They can just turn over everything to the government and no longer have to take any interest in pesky legalisms like warrants, probably cause, etc, etc. These companies already leak like an old boat anyway and this allows them to just throw up their hands and give up.

    And the sheeple will still be out their posting their private lives for the world to see anyway. They will gladly give up their privacy for the illusion of security that will actually accomplish nothing.
  • Does any one remember that we're supposed to be living in a democracy ???

    Executive order is paramount to Dictatorship. What ever happened to "We the People".
    There is a difference between that statement and I the President.
    • Hmmm...

      "We the people" was bought out a long time ago.
    • well..

      If you could get enough people to care, theoretically you could stop it...
      Benjamin NElson
  • Apathy

    They will keep grinding until people engage or apathy wins the day. The policy is becoming rather hypocritical, we scoff at countries like China and the entire Middle East and then turn around and resurrect the same knucklehead bill by corporate shills in congress that are in the pockets of lobbyist. Keep up the good fight Zack.

  • Content Free Article

    This is one of the most misleading and content-free articles I can imagine.

    List your objections to the bill, with actual citations and quotes from the text, and maybe we'll have something to discuss, but this is just FUD.

    As one who spends my working life trying to catch online criminals and help the authorities to arrest them, I can tell you that we need some major reforms in our laws. While there may be some legitimate concerns about this bill, I think it's largely a good idea.
    • Speaking of being vague...

      jquinnjr, what are these 'major reforms in our laws' that you would like to see?
      Urban G
  • This is all very interesting but.

    This is all very interesting, but it's kind of like saying, "Oh give up already because Obama is going to issue a CISPA executive order so it's all done and there's nothing we can do so you may as well go home now."

    Are we all forgetting history here?

    The President, it has been foretold by numerous media sources, will be announcing the CISPA Executive Order from the Commerce Department on Wednesday. Rather than waiting for Congress to make law, the President has decided to do it himself. Interestingly enough, when Truman did exactly the same thing many years ago by providing instructions to the Commerce Department, the U.S. Supreme Court overturned and invalidated his Executive Order in 1952.

    As you may know, a President cannot make law with an Executive Order. In the U.S. Supreme Court case of Youngstown Sheet & Tube Co. v. Sawyer - 343 U.S. 579 (1952), it was decided that "The Order cannot properly be sustained as an exercise of the President's military power as Commander in Chief of the Armed Forces" and "The power here sought to be exercised is the lawmaking power, which the Constitution vests in the Congress alone, in both good and bad times."

    The record of decision in this case further states, "Even if it be true that other Presidents have taken possession of private business enterprises without congressional authority in order to settle labor disputes, Congress has not thereby lost its exclusive constitutional authority to make the laws necessary and proper to carry out all powers vested by the Constitution "in the Government of the United States, or any Department or Officer thereof."

    In short, the "Executive Order was not authorized by the Constitution or laws of the United States, and it cannot stand." Basically this was because Truman attempted to use lawmaking power via an Executive Order.

    President Obama is about to release a cybersecurity Executive Order. Part of the draft text of this Executive Order which I have read, states, relating to "Voluntary Critical Infrastructure Cybersecurity Program," that the Secretary "shall establish" a "voluntary program." This "voluntary program" referred to in the draft (now finalized and about to be released) Executive Order is the Department of Defense - Defense Industrial Base Voluntary Cyber Security and Information Assurance (DoD CISPA rule). This rule (DOD–2009–OS–0183/RIN 0790–AI60) is now final. President Obama's Executive Order is thus an attempt to make law by incorporating this rule into an Executive mandate which would apply across networks, with the President and Administration officials in direct command of an army of private contractors, who would use as described by this proposal, the "Defense Cyber Crime Center's DoD-DIB Collaborative Information Sharing Environment" to let private corporations submit tips to DoD about people accessing "unclassified" networks.

    The Executive Order about to be released is (just as Truman's E.O. 10340 was) an attempt to make law, and therefore is invalid.

    As we reflect on our Fourth Amendment and many other aspects of our Constitution that the Administration has been diligently working to put obstacles in front of so that people will have a more difficult time implementing and exercising their rights, we should remember also these words, from the U.S. Supreme Court decision of Marbury v. Madison:
    "A law repugnant to the Constitution is void(...)"

    President Obama should cease or defer any executive action on this matter and acknowledge the lawmaking authority of Congress.
  • Privacy vs Paranoia

    I have no problem with the neighbors being able to observe almost anything about me but, I don't trust any government or corporate body to that same extent.

    My facebook profile reads "Need to Know (NTK) and, if you're reading this, you don't," and I'm so lazy on facebook that, if you don't know me in person, you'll learn virtually nothing about me anyway. However, I remain amazed at the sort of personal information that people will self-publish.

    "Self-publishing" aside, this is more an issue of information that we are generally forced to supply to corporate and government bodies, including Credit Card details. If all of this information is going to become an "open house" then it equally becomes an "open house" for Identity Theft----I'll just nip over to facebook and self-publish my Tax File Number...