Thread: CISPA Is Dead (For Now)

CISPA Is Dead (For Now)

The Senate will not take up the controversial cybersecurity bill, is drafting separate legislation

http://www.usnews.com/news/articles/...s-dead-for-now


By Jason Koebler

April 25, 2013 RSS Feed Print

• Comment (16)
• inShare22

Sen. Jay Rockefeller says CISPA's passage was "important," but its "privacy protections are insufficient."

CISPA is all but dead, again.
The controversial cybersecurity bill known as the Cyber Information Sharing and Protection Act, which passed the House of Representatives last week, will almost certainly be shelved by the Senate, according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation.
The bill would have allowed the federal government to share classified "cyber threat" information with companies, but it also provided provisions that would have allowed companies to share information about specific users with the government. Privacy advocates also worried that the National Security Administration would have gotten involved.
[READ: U.S. Military Writes Rules on Cybersecurity While Chinese Hacks Skyrocket]
"We're not taking [CISPA] up," the committee representative says. "Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills."
Sen. Jay Rockefeller, D-W.V., chairman of the committee, said the passage of CISPA was "important," but said the bill's "privacy protections are insufficient."
That, coupled with the fact that President Barack Obama has threatened to veto the bill, has even CISPA's staunchest opponents, such as the American Civil Liberties Union, ready to bury CISPA and focus on future legislation.
"I think it's dead for now," says Michelle Richardson, legislative council with the ACLU. "CISPA is too controversial, it's too expansive, it's just not the same sort of program contemplated by the Senate last year. We're pleased to hear the Senate will probably pick up where it left off last year."
That's not to say Congress won't pass any cybersecurity legislation this year. Both Rockefeller and President Obama want to give American companies additional tools to fight back against cyberattacks from domestic and foreign hackers.
[READ: Lawmakers Who Pushed CISPA Were 'Doxed']
But cybersecurity legislation in the Senate, such as the Cybersecurity and American Cyber Competitiveness Act of 2013, has greater privacy protections than CISPA does. Richardson says that bill makes it clear that companies would have to "pull out sensitive data [about citizens]" before companies send it to the government and also puts the program under "unequivocal civilian control," something CISPA author Rep. Mike Rogers, R-Mich., was unwilling to do.
Even if the Senate gets something done, Rogers and other CISPA supporters will likely have to compromise more than they've been willing to over the past year as Obama has made it clear he will veto legislation that doesn't have more privacy protections.
"The way [Rogers] talks, [the House] has gone as far as they possibly can on privacy," Richardson says. "I don't know if that's true and I'm not sure how they'll respond when the Senate puts something back to them. But if they don't figure out a compromise, they might not get any legislation at all."
The commerce representative says that the Senate committee is "working toward separate bills" to improve cybersecurity, which are currently being drafted. But don't expect these bills soon, as the Senate considers immigration, an Internet sales tax, the aftermath of the Boston bombing and the Federal Aviation Administration's air traffic control crisis in the wake of sequestration.
Richardson says she thinks it'll be at least three months before the Senate takes a vote on any cybersecurity legislation.
"We need to be vigilant as the year moves on to make sure that whatever the next product is, it's not CISPA-lite," she says. "I think this is probably going to take the rest of the year."





This still is a victory for the American people, Thanks to all who fought this terrible Bill, but we still need to stay Vigilant..........Reciprocity

CISPA suffers setback in Senate citing privacy concerns

http://news.cnet.com/8301-13578_3-57581463-38/cispa-suffers-setback-in-senate-citing-privacy-concerns/

A Senate committee chairman said the cybersecurity bill passed by the House is "important," but its privacy protections are "insufficient." A new report suggests separate bills will be drafted.
by Zack Whittaker
April 25, 2013 12:04 PM PDT

(Credit: Shara Tibken/CNET)
The Senate will almost certainly kill a controversial cybersecurity bill, recently passed by the House, according to a U.S. Senate Committee member.
The comments were first reported by U.S. News on Thursday.
Sen. Jay Rockefeller, D-W.Va., the chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said in a statement on April 18 that CISPA's privacy protections are "insufficient."
A committee aide told CNET on Thursday that Rockefeller believes the Senate will not take up CISPA. The White House has also said the president won't sign the House bill.

Related stories:

• CISPA permits police to do warrantless database searches
• CISPA plan to let feds receive confidential data wins big House vote
• ZDNet: CISPA passes U.S. House: Death of the Fourth Amendment?

Staff and senators are understood to be "drafting separate bills" that will maintain the cybersecurity information sharing while preserving civil liberties and privacy rights.
Rockefeller's thoughts on CISPA are significant, because as head of the Commerce Committee, he leads the branch of the Senate that will be the first to debate its own cybersecurity legislation.
Michelle Richardson, legislative council with the American Civil Liberties Union, told the publication that she thinks CISPA is "dead for now," and that the Senate will "probably pick up where it left off last year."
The Cyber Information Sharing and Protection Act, commonly known as CISPA, permits private sector companies -- including technology firms, such as Facebook, Twitter, Google and Microsoft, among others -- to pass "cyber threat" data, including personal user data, to the U.S. government.
This means a company like Facebook, Twitter, Google, or any other technology or telecoms company, including your cell service provider, would be legally able to hand over vast amounts of data to the U.S. government and its law enforcement -- for whatever purpose it deems necessary -- and face no legal reprisals.
Civil liberties groups have called CISPA a "privacy killer," and "dangerously vague," and warned that it may be in breach of the Fourth Amendment.
After CISPA passed the House the first time last year, the Senate shelved the bill in favor its own cybersecurity legislation. Following today's statements, the Senate is edging closer to repeating its actions for a second time.
Correction, 4:44 p.m. PT: An earlier version of this story misidentified the state Sen. Jay Rockefeller represents. He represents West Virginia.

Topics: Internet, Congress, Technology, Cybersecurity, United States, Legislation, Legal Tags: Congress, Cybersecurity, House, CISPA

April 25, 2013 | By Mark M. Jaycox and Nate Cardozo


Civil Liberties Groups and Companies Demand Congress Update Email Privacy Law

https://www.eff.org/deeplinks/2013/0...il-privacy-law



Update: The bill, S. 607, passed out of the Senate Judiciary Committee on a voice vote. It will now go to the Senate floor for a final vote on the bill.
This week a wide range of civil liberties groups and companies demanded the Senate Judiciary Committee update email privacy law, the Electronic Communications and Privacy Act. The act, passed in 1986, purported to allow the Department of Justice (DOJ) access to private communications, including emails and private Facebook messages, with a only subpoena. EFF has long argued, and many courts have agreed, that a warrant is always required. If these same messages were written on paper, the law is clear that the government would need a probable cause warrant before being allowed access. The committee will meet Thursday to decide on whether or not to move the bill forward.
The coalition, which includes EFF, is composed of groups ranging from the Heritage Foundation to the ACLU. The letter supports the bill and urges that the Senate Judiciary Committee vote the bill forward so that it can make its way to the full Senate for final passage. The bill is sponsored by Senators Leahy and Lee and mandates the government obtain a warrant for access to private online communications. The letter notes that the bill:

would create a more level playing field for technology. It would cure the constitutional defect identified by the Sixth Circuit. It would allow law enforcement officials to obtain electronic communications in all appropriate cases while protecting Americans’
constitutional rights.

The bill is widely expected to pass out of committee since the Sixth circuit court ruled in 2006 the "180 day rule" is unconstitutional and that users have an expectation of privacy in their email regardless of age. In a hearing a few weeks ago, the DOJ conceded that it would obtain a warrant instead of a subpoena for private messages older than 180 days. The DOJ's action is an encouraging move; however, more could be done.
Right now the proposed update only ensures a warrant requirement for private online communications. But what's missing is a suppression remedy. In other words, even if law enforcement got hold of your email without a warrant in violation of the revised law, nothing would prevent that illegally obtained evidence from being admitted in a criminal trial.
It's great to see Congress moving on such an important issue, but a suppression remedy would further strengthen the bill. EFF looks forward to the bill advancing in the Senate and will be watching it closely. Tell your Congressmen now to protect your digital rights by updating ECPA.





Files

ecpa_support_4-22-13.pdf
s607asreportedhen13528.pdf

April 24, 2013 | By Trevor Timm


Report: Obama Officials Authorized New 'Cybersecurity' Warrantless Surveillance Program, Fresh Immunity Given to ISPs

https://www.eff.org/deeplinks/2013/0...s-surveillance




Yesterday, in a disturbing report published on CNET, new documents obtained by EPIC reveal that Obama administration officials have authorized a new government program involving the interception of communications on Internet service providers, including AT&T—one of the key players in the NSA warrantless wiretapping program.

Under long-standing federal law, the government needs to use legal process to compel service providers to hand over customer communications, yet reportedly, the government is promising these companies they will not to prosecute them for violating US wiretapping laws if they hand over the information voluntarily. And the secret surveillance authorization seems quite broad, touching on huge swaths of private, domestic activity:

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

CNET reported also that the National Security Agency (NSA) and Department of Defense were “deeply involved in press for the secret legal authorization” further underscoring widespread worries that the military may be given access to Americans’ personal information through cybersecurity operations. The report comes as Congress is debating CISPA, a dangerous bill that carves a “cybersecurity” loophole in all our privacy laws.
While we are still sifting through the more than thousand pages of documents—obtained by EPIC Privacy through the Freedom of Information Act and posted to their website—the most controversial aspect of this program seems to be that the government has not used legal process to obtain Internet traffic from AT&T and other ISPs involved in the program. Instead, the Justice Department has handed them what the Justice Department calls a “2511 letter”—named after a section of the Wiretap Act—which purports to immunize them from prosecution.
Section 2511 makes it a crime to wiretap—intercept electronic communications—with some exceptions, like a properly issued warrant. It provides no exception for a letter from the Justice Department. CNET reported an industry representative told them "the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department."
Beyond what CNET reported, we still need to analyze these new documents to determine how pervasive this surveillance is and its impact on the American public. We are currently reading them over and will have a more detailed analysis soon.






Cyber Security Legislation
NSA Spying




Related Cases

Jewel v. NSA