The Internet has been in an uproar since the Cyber Intelligence Sharing and Protection Act (CISPA) was rushed through the US House of Representatives on Thursday. Why the bill was rushed, the tally of its final count, and what happens next have all been hot in the news. My goal today is to bring you a simple, easily digestible picture of where we are in regards to CISPA, what might happen next, and what should be done.
Now, as always, this post is not political in the normal sense. We’re not advocating a party, or a politician, and certainly not an ideology. Instead, our subject is narrow: CISPA, and what it might mean for the technology world. That makes it cogent, nay, critical for our continued discussion.
So, if our prose runs a touch sharper, and our analysis a bit more overt and pointed than what you might normally find on TNW, that’s why. Obviously, some elements of this post are perspective. We’ll treat you like an adult and assume that you can sift simple fact from commentary. If you can’t, head here.
And of course, if you don’t know much about CISPA, but want a bit of a primer, this is for you.
Let’s step back a moment and catch our breath. On the 26th, Thursday, the bill was voted on in the House, preceded by the addition of a number of amendments. The general view among privacy-focused groups is that the amendment process was a failure. The issues that exist in the bill were not fixed. TechDirt had a rather succinct explanation of what went down in its must-read post “Insanity: CISPA Just Got Way Worse, And Then Passed On Rushed Vote.” Essentially, an amendment was approved that, under the guise of being constrictive, instead resulted in the “adding [of] more items to the list of acceptable purposes for which shared information can be used.”
At the same time, amendments from House members such as Rep. Schiff failed to find their way to passage, not even making it to the final voting process, in many cases.
To sum this up: the bill was rushed to vote a day early, with limited, constrained debate on only some proposed amendments, and was thus ushered past the House with many still blinking, wondering what in all heck had just happened. Certainly, the media was a bit turned ’round, when the bill’s schedule jumped the gun. Now, what next?
The Senate and its Woes
Most people are up to date as to what happened in the House, and now you are as well. However, what comes next can be a bit hard to parse, so we’re going to make it simple for you.
CISPA has passed the House. It now heads to the Senate. The Senate can pass the bill in an up and down vote, and send it to the President’s desk, but that is very unlikely. The President has already threatened to veto the bill, citing its flaws, so to pass CISPA in its current form would be a fool’s errand. Also, such passages are not exactly common when it comes to bills that are complex, such as CISPA, and have already been amended several times.
Now, there are two bills currently in the Senate that deal with cybersecurity. They are the McCain bill, and the Lieberman bill. Those bills, in theory could be amended, and then reconciled with CISPA, and then each voted on by both houses of Congress, at which point they would end up on Obama’s desk.
If the two bills in the Senate are better than CISPA at protection privacy, then it would stand to reason that they could be used to mark up the core of the bill, and thus allow for something more measured and safe to pass. It’s not outside the realm of reason. However, as the two bills themselves have serious issues, it is strongly signaled that they will not lead to much, if any improvement.
A CDT analysis found both bills have broadly written provisions that would:
- Share private communications with the National Security Agency and other federal entities, or with any other federal agency designated by the Department of Homeland Security.
- Monitor private communications passing over the networks of companies and Internet service providers.
- Employ countermeasures against Internet traffic.
That’s quite damning. But, that needs a firm dose of perspective. The Lieberman bill, which some have hailed as more moderate than the McCain-backed legislation, has been changed over the course of its life. Again from the Monitor:
In an effort to smooth passage, one provision has already been removed from the Lieberman-Collins bill that critics claimed would have given the president a “kill switch” to essentially turn off the Internet.
That’s where these bills have come from. That’s not even left field, that’s the parking lot. For a bit more, the EFF, as always, is a great resource.
I highlighted the issues with the Senate bills to make a single point: the idea that reconciliation and further amendment of CISPA and the Senate-backed bills into something safe and functional is a canard. There is no CISPA-panacea waiting in the Senate, or at least there isn’t one yet. And given the strong support of CISPA by the GOP, I doubt that they would allow for a whole cloth revamping of CISPA in the Senate, which would require 60 votes to override the all but certain veto. So, even if the Senate majority had the right perspective, it wouldn’t mean much. And they don’t.
So, what can we do? With CISPA, I don’t think much. I can’t see a way forward for CISPA and its Senate compliments towards passage as complete, good bills. Therefore, a new piece of legislation will have to be drafted. For the next round, let’s hope that the bill that is conjured is a bit less odious than what we have been offered thus far.
One final thought: proponents of CISPA have been stating in no uncertain terms that CISPA needs to be passed in order to protect the country now. Putting aside the quip about the man and his love of security over liberty, it’s an honest question: if we delay CISPA, and try again, aren’t we putting ourselves at risk? Answer: in a way, yes, and it’s worth it.
If we delay and produce a better bill, it will pay for itself; the risk is worth the reward. Anyone who wants to pass CISPA now, and then repeal it later and replace it with something better is dreaming. You can’t blame those of us who demand privacy for a bad bill, and we can’t have the blame for that bad bill’s failure pinned to our chests when we say no to it; the blame falls on those who wrote it, and those who voted to pass it.
Perhaps even more importantly: it’s somewhat hard to say, given the time it takes for such bills to ramp up, from a government and private enterprise perspective, that to say a delay for a new bill would lead to a large time-gap is at best likely, and at the other extreme, yet another false attempt to create urgency.