Skip to main content

State of the Web: Zombie CISPA will rise from the grave (but don’t freak out yet)


Lock and load, Internet rights warriors – CISPA is coming back from the dead.

The Cyber Intelligence Sharing and Protection Act, or CISPA – one of 2012’s most reviled pieces of Internet-related legislation – is expected to be reintroduced to the House of Representatives on Wednesday by Rep. Mike Rogers (R-MI), chairman of the House Intelligence Committee, and ranking Democrat Rep. Dutch Ruppersberger of Maryland. Needless to say, Internet rights advocates have already started prepping for a battle with the undead.

Related Videos

CISPA’s stated purpose is to make U.S.-based computer systems safer by the federal government and private businesses sharing information. But rights groups say the bill would trample our Fourth Amendment right against “unreasonable searches and seizures,” because our information could theoretically be passed on to shadowy government organizations like the National Security Agency, and the Department of Defense. (That is to say, more than it is already.)

The version of CISPA set for reintroduction this week is not yet public, but reports indicated that it will be more or less a duplicate of the previous version (PDF), which passed the House last year after the addition of numerous amendments, but later died in the Senate. If the new CISPA is identical to the old CISPA, the bill would override all existing privacy laws to make it easier for the government to share classified “cyber threat” data with businesses, and for businesses to share information about their customers and users without threat of committing a crime or losing out in a lawsuit, for purposes of “cybersecurity” or “national security” – a term so vague that it could mean almost anything.

“Companies that share information would get complete liability protection, meaning they would no longer be held accountable by their customers or even the government if they negligently or recklessly mishandle information,” wrote Michelle Richardson in The Hill last April. “Once in government hands, information can be used for any lawful purpose so long as a significant purpose is cybersecurity or national security.”

Lay of the land

Soon after the first report of CISPA’s return hit the Web, rights group Fight for the Future launched, which urges people to sign a petition in protest of Zombie CISPA, and to call Members of the House Intelligence Committee to let them know “that voters don’t support this bill.” At the time of this writing, some 28,000 people have signed the petition, according to the group.

As impressive as that may be, I expect that the fight against Zombie CISPA will take place on a far muckier battlefield this year thanks to a recent wave of high-profile cyberattacks. Just last week, The New York Times, the Wall Street Journal, and other news organizations reported cyberattacks on their networks and reporters’ email accounts by actors in China. And on Sunday, the Washington Post reported that U.S. National Intelligence Estimate recently concluded that the U.S. is a primary target of “cyber-espionage” that is “threatening the country’s economic competitiveness.”

Additionally, Rep. Rogers took to CBS News’ “Face the Nation” to sell his forthcoming bill.

“We’re getting robbed every single day,” said Rogers of current U.S. cybersecurity preparedness. “We have, as the U.S. government, set up lawn chairs, told the burglars where the silver is – in the bottom drawer – and opened the case of beer and watched them do it.”

In short: Anyone who is paying cursory attention to cybersecurity-related news likely knows two things: We are getting attacked on a regular basis. And Members of Congress are trying to do something about it. They may be thinking, in other words, that CISPA is a good idea. Add this to the fact that, last time around, some 800 companies, including technology giants like Facebook and IBM, either directly or indirectly supported CISPA, and the anti-CISPA crowd faces an even steeper uphill battle this year – a battle that they did not win last time, anyway.

Last word

Until we see the exact text of Zombie CISPA, it is impossible to assess the bill. But if this is the first you’re hearing about it, remember this: We are under attack. We do need to improve our cybersecurity legislation. But CISPA is probably not the right way to go about it.

Overall, it is still too soon to know how concerned we should be about Zombie CISPA. This uncertainty is amplified due to the fact that, according to The Hill, President Obama is expected to issue a long-anticipated executive order on Wednesday that would set cybersecurity standards for critical infrastructure networks, and make it less risky for businesses to share information about malware and other cyber threats with the government, without fear that they will take a hit in reputation or on the stock market for being seen as vulnerable to attack. If that happens, CISPA may be the least of our worries – or get shelved entirely.

Regardless of what happens on Wednesday, I believe the proper path to effective and constitutional cybersecurity policy requires all parties involved to take a deep breath, and resist the urge to freak out. Measured approaches on both sides of the debate are essential. Gut reactions are not.

Editors' Recommendations

WhatsApp rolls out real-time location-sharing feature for iOS and Android

We've all been there. You're heading to a friend's place and running late. Said friend impatiently texts you, asking where you are. You text back, and the frustrating exchange continues until you finally, apologetically meet up. Good news if you're a WhatsApp user, though: Your phone can handle the back-and-forth for you.

On Tuesday, October 19, the Facebook-owned messaging app announced Live Location, a new feature that lets you share your real-time coordinates with one or more WhatsApp chat buddies. It's encrypted end to end to ensure privacy, Facebook says, and has an expiration timer that automatically stops location sharing after a predefined window.

Read more
Don't count smartwatches out just yet: New Android Wear watches may boost sales
huawei watch 2 news mwc 2017  25

It's been a common refrain for almost a year, now: The smartwatch industry died before it hit its stride. Case in point? Market analysts at IDC reported that Apple, one of the most successful smartwatch makers on the market, saw sales of its eponymous Apple Watch fall from 3.9 million in 2015 to just 1.1 million in mid-2016. But if rosier projections turn out to be true, smartwatches and wearables might finally come around over the next few months.

According to a new report from Canalysis, people will buy 18 percent more smartwatches in 2017 than they did the previous year, driving total annual sales to rise to $10 billion. Specifically, the firm expects shipments of as many as 28.5 million smartwatch units this year, and a subsequent decline in sales among traditional watchmakers.

Read more
Perspective is a new tool from Google that helps weed out ugly comments online
bangladeshi bank heist foiled by spelling mistake internet hacking dark net

If you're looking for a human cesspool, there is no better place to visit than the comment section of a YouTube video, a news article, or really, just about any anonymous public forum. But now, Google might have something of a solution. It's called Perspective and it is a new technology from Google and Jigsaw (an Alphabet company focused on security) that employs machine learning to identify toxic comments. Once these comments are identified, publishers or users can start to weed them out.

According to a Google blog post announcement, 72 percent of American internet users have seen online harassment, and nearly 50 percent have experienced it themselves. "This problem doesn’t just impact online readers. News organizations want to encourage engagement and discussion around their content, but find that sorting through millions of comments to find those that are trolling or abusive takes a lot of money, labor, and time," Google noted. "As a result, many sites have shut down comments altogether. But they tell us that isn’t the solution they want. We think technology can help."

Read more