CISPA Rears It’s Ugly Head…Again…

cispa-is-not-dead

CISPA is a bill that doesn’t seem to want to die, and there are very strong emotions both ways on that fact. The Cyber Intelligence Sharing and Protection Act (CISPA) is a bill that originally was introduced by Republican US Representative Mike Rogers of Michigan in both 2011 and 2013 where it passed the House, but never went past the Senate.

This time, however, it’s Democrat US Representative Dutch Ruppersberger III who is reintroducing CISPA into the House of Representatives as bill HR 234 in 2015. While the early reactions are fairly predictable depending on what side of the argument an individual was on before, there’s still a lot to understand about this bill.

What Is CISPA And Why Should You Care?

The intent of CISPA is clear. This is a security bill that deals with online access to potentially sensitive information. If passed CISPA would allow government agencies, as well as private companies, to share information on potential cyber security threats.

In theory this would allow a swifter and more comprehensive response to threats to cyber security. The idea with this bill is that attacks like the Sony hacking incident and any full cyber attacks on military sites or computers could be more easily tracked and dealt with.

The reason individual voters might care is that this bill allows a large scale sharing of information that currently is considered private. Some privacy advocates see this as an overreach of government supervision, while others worry that there are not enough checks and balances in place to prevent abuse. Others are worried about the scope of power this gives private businesses to prosecute individuals without any official law enforcement supervision.

Is CISPA A Single Party Issue?

CISPA is interesting in that its supporters as well as its detractors seem to cross party lines. There are a number of conservative groups who support CISPA as the next important step to greater security while there are also conservative groups who condemn the bill as being far too vague and offering too much of an overreach.

The same can be said with traditionally liberal or democratic leaning groups. The fact that CISPA was re-introduced by Dutch Ruppersberger III shows that there is bi-partisan support for the idea of a cyber security bill that helps deal with these new attacks in the information age, but finding common ground seems to be a sticking point.

What Are The Sticking Points With CISPA?

The largest sticking point for opponents of this CISPA bill is the language. In the past many security bills have had intentionally vague language to allow the government greater leniency in how they interpreted the bill and how it could be acted upon.

The problem with having vague language in a security bill that involves corporations is the worry that this could be abused. What if Facebook, Google, or Amazon could sell private data to one another or to other companies? While this does not seem to be the intention of the CISPA bill, there’s questions about whether or not the current language prevents that very breach of privacy from happening.

The additional issue that seems to be coming up with Representative Ruppersberger’s version is that it doesn’t seem to be revised from the last failed bill. The same issues seem to exist in this version that doomed the previous one.

President Obama has commented on putting forward a cyber security bill that would attempt to address the same issues that CISPA is meant to handle, while attempting to also take on some of the concerns about restrictions on when the data can be gathered, and especially on shielding agencies or companies from prosecution if they abuse the powers this bill would grant them.

What Are The Chances Of CISPA Passing?

CISPA has failed twice already to make it to a vote in the Senate. There’s no guarantee it would pass there, either, and President Obama has already made the statement that CISPA as is would be vetoed.

The recent Sony cyber attacks and growing online threat still will put on the pressure to pass some type of a bill to deal with them. Whether CISPA is that bill or not remains to be seen.

Texas Email Privacy Law Now The Strongest In The Nation

On June 14, 2013, Texas governor Rick Perry signed an unprecedented online privacy bill into law.  The bill, HB 2268, previously passed unanimously in both the Texas House and Senate.  The new law demands that Texas law enforcement acquire a warrant before searching private email and other online data, giving Texans the strongest Internet privacy protection in the country.

The law takes steps toward updating the 1986 Electronic Communications Privacy Act (ECPA), a still-in-effect federal law that allows law enforcement officials to access any citizens’ email and other online data without a warrant after 180 days.  An unopened email sitting on a server for six months, for example, or any opened email regardless of its age, could be used in an investigation without a warrant in most states.  This new act will give Texan inboxes greater protection from state investigations, but federal law enforcement still may access data without warrants by going straight to Internet service providers under the ECPA.

Advocates for online privacy see the Texas law as the beginning of a shift that may eventually reach Washington and federal policy.  Organizations such as the Electronic Frontier Foundation and the ACLU are both vocal supporters of the Texas law.  Chris Soghoian, senior policy analyst at the ACLU, has said that the passing of the bill “sends a signal to Congress.  It sends a signal to conservative members who might not yet be on board that this is something being supported in their own states and it helps the courts to see that this is a safe space to venture into.”  Hanni Fakhoury, staff attorney at the Electronic Frontier Foundation, also noted the Texas example as indication of bipartisan support for this civil liberties issue: “it’s significant proof that privacy reform is not only needed but politically feasible.”

A sea change in American digital privacy policy would involve reform of the 1986 ECPA, and there are suggestions of this potential shift at the federal level.  Elana Tyrangiel, acting Assistant Attorney General at the Department of Justice Office of Legal Policy, testified before Congress in March that provisions like the 180 day rule in the ECPA “may have made sense in the past but have failed to keep up with the development of technology.”  She also noted, referring to the Stored Communications Act (SCA) that allows for inbox-mining under the ECPA, how “acknowledging that the so-called ‘180-day rule’ and other distinctions in the SCA no longer make sense is an important first step.”

Much of technology and privacy policy in the United States was developed before smart phones, before Facebook messaging, before geo-tagging devices; and a recognition of outdated laws in other states may soon follow Texas’ lead.  A similar bill recently passed in the California Senate (SB 467), and a domino effect amongst other state legislatures may ultimately encourage a change in federal privacy policy.