After several months with little movement, the US House Of Representatives Intelligence Committee has decided that now is the time to attempt resurrection of the hibernating monster called the Cyber Intelligence Sharing and Protection Act, or CISPA. That bill, which would allow the government and corporate entities to share a broad range of information surprisingly little oversight, was approved by the Intelligence Committee in December but has not seen a full floor discussion in the months since, possibly due to the bigger controversy surrounding the related, and similarly awful SOPA.
CISPA has been subject to intense criticism from consumer groups as well as civil rights advocates, and on April 18th, in response to that criticism the Intelligence Committee introduced a series of amendments ostensibly meant to address them. Unfortunately, the proposed new amendments do little more than give a cheap face lift to an already badly aged visage. The ACLU's Michelle Richardson has written a useful takedown of the amendments; her post is worth reading in full, but in short:
* The definition of information that may be shared has been edited to remove references to the theft of 'intellectual property'. However, the sharing of information of any type is still allowed under the broad 'cybersecurity' justification. This would allow even intellectual property under a creative interpretation, once again exposing consumers to the risk that CISPA will simply be an end-run around the failure of SOPA and PIPA.
* CISPA still would not require companies to make an effort to remove information that could identify specific individuals outside of the frame of the bill.
* Military agencies, including the NSA, are still allowed to collect a wide range of information about the activity of private, nonmilitary citizens on the public Internet without any civilian oversight. The proposed Amendment only requires that whenever business share such information with the trustworthy people of the military-industrial complex, they CC the Department of Homeland Security.
* The bill still allows the use of collected information for any reason the government deems fit, regardless of regulation, so long as they can concoct a "any lawful purpose" for doing so.
In addition to the reasons outlined above, a careful reading of the proposed amendment also reveals much which remains unchanged, and disturbing. For instance, in subsection 3, clause C iv of the section entitled "Use of Cybersecurity Systems and Sharing of Cyber Threat Information", the prohibition of using proprietary information for unauthorized purposes is excepted if "otherwise directed by The President", leaving open a huge amount of potential abuse of the Executive Order, not to mention an insecure framework that can change overnight simply based on the results of an election, regardless of the law.
Naturally, it must be noted these amendments are simply proposed, they have not been enacted, and could easily be dismissed, meaning CISPA will remain as noxious as it always has been. Fortunately, to the Obama administration's credit, the proposed amendments don't appear to have convinced them of the bill's merit. After they were announced, National Security Council spokesperson Caitlin Hayden made comments suggesting that the Obama White House still does not support CISPA. "The nation's critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone," she said. "[W]hile information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs."
Though these statements are in line with the White House's previous tepid opposition to SOPA and PIPA, they are still a welcome addition to the growing fight to render CISPA stillborn, particularly in light of a possible vote when the bill reaches the House floor next week. Whether or not the bill ever sees a vote however, expect it (or a similar Internet-killer) to remain a salient issue throughout what is shaping up to be a very contentious U.S. Presidential election year.