CISPA: What now?

CISPA What Now

Despite cries of protest, the House of Representatives approved the Cyber Intelligence Sharing and Protection Act (CISPA) in a rush vote on Thursday. The cybersecurity bill, which makes it easier for the government and businesses to share information, passed easily, with a vote of 248 to 168, following the adoption of a number of amendments. Though CISPA may have crossed one key hurdle, the battle against the legislation is far from over. Here, a concise rundown of everything you need to know about CISPA now.

Problems before House vote

Even before CISPA debate began yesterday, things had already gone awry for privacy advocates. The House Rules Committee on Wednesday whittled down the number of amendments allowed to go up for consideration from 43 to just 16, cutting out provisions that would have made CISPA far less dangerous, from a civil liberties standpoint. Some of those included requiring businesses to strip all data of personally identifiable information, and one amendment that would have prohibited the shared data from landing in the hands of military and spying agencies, like the National Security Agency.

On Tuesday, the Center for Democracy & Technology said they would not oppose CISPA’s passage in the House. But after the exclusion of key amendments — specifically, amendments that would have blocked the flow of information directly to the NSA, and the prohibition of using shared data for national security issues unrelated to cybersecurity — the CDT once again came out in opposition to the bill, saying that the bill’s leaders (House Intelligence Committee Chairman Rep. Mike Rogers and Ranking Member Rep. Dutch Ruppersberger) had reneged on their promise to meet certain privacy demands by blocking the amendments.

What happened in the House

During hours of debate, the House approved 11 amendments to CISPA. You can see the full list here (2 through 12 were approved; 1, 13, and 14 were not). Of these, perhaps the most important amendment is the one proposed by Rep. Bob Goodlatte (R-VA), which limits the way information shared under CISPA to that which is “directly pertaining to” threats, vulnerabilities, or unauthorized access to a system or network. The Goodlatte amendment (pdf) also makes it explicitly clear that information pertaining to the violation of businesses’ Terms of Service do not qualify as “cyber threat intelligence” under CISPA, and thus may not be shared.

Another notable amendment is a sunset provision (pdf) submitted by Rep. Mick Mulvaney (R-SC), which limits the life of CISPA to five years after the date of enactment. After that time, the bill must be re-approved by Congress.

The most controversial amendment approved is the Quayle amendment, which says that information shared under CISPA may “only” be used for the following five purposes:

  1. cybersecurity;
  2. investigation and prosecution of cybersecurity crimes;
  3. protection of individuals from the danger of death or physical injury;
  4. protection of minors from physical or psychological harm; and
  5. protection of the national security of the United States

Prior to the adoption of this amendment, CISPA allowed information to be shared for “cybersecurity” or “national security” purposes, but did not outline any specific ways law enforcement may use the data, as it does now. Because the language did not lay out any specific uses, privacy advocates feared the government could justifiably use the data to investigate and prosecute other crimes, even if they had had nothing to do with cybersecurity or national security.

Some privacy advocates believe that the Quayle amendment is a bad one because it explicitly expands the ways with which the government may use CISPA data to include things that have nothing to do with cybersecurity or national security. The CDT, however, sees the Quayle amendment as an improvement, since it limits the non-cybersecurity or national security uses to “protection of individuals from the danger of death or physical injury” and “protection of minors from physical or psychological harm.” Of course, given that many things on the Internet could be construed as potentially causing children psychological harm, this may not be much of a reassurance. But it definitely seems better than giving the federal government a more-or-less blank slate.

So, in short, CISPA has gone through some necessary changes, from a privacy and civil liberties standpoint, but there is still quite a lot of work to be done for it to be a “good” piece of legislation.

What happens next

CISPA now heads to the Senate, where a number of other cybersecurity bills have wallowed in legislative limbo for years. Chances are good that CISPA will face greater resistance in the Democrat-controlled Senate than it did in the House. And it may change significantly, or merge with other cybersecurity bills altogether. This is increasingly likely, given the fact that President Obama has indicated that he will veto CISPA if it does not provide adequate privacy protections and explicit protections for critical infrastructure. (An amendment that would have satisfied the latter complaint was shot down in the House as well.)

Regardless, Senate Majority Leader Harry Reid (D-NV) has indicated that he plans to move with cybersecurity legislation of some kind in May, though he has not spoken publicly about CISPA specifically. So CISPA’s fate in Congress remains uncertain for now, but we will likely see some further movement on it in the coming weeks.

In the mean time, the fight over CISPA will surely continue, with privacy and civil liberties groups, including the CDT and the Electronic Frontier Foundation (EFF), committed to fighting the bill as it moves to the Senate.

“Hundreds of thousands of Internet users spoke out against this bill, and their numbers will only grow as we move this debate to the Senate,” said Rainey Reitman, EFF Activism Director, in a statement. “We will not stand idly by as the basic freedoms to read and speak online without the shadow of government surveillance are endangered by such overbroad legislative proposals.”

Movies & TV

HBO’s Deadwood movie rustles up a trailer and a release date

This spring, HBO's long-awaited Deadwood movie will explore what happened 10 years after the events of HBO's award-winning drama, giving the series a finale 13 years after the show was canceled.

5G's arrival is transforming tech. Here's everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.
Emerging Tech

Researchers gave alligators headphones and ketamine, and all for a good cause

Researchers in Germany and the United States recently gave ketamine and earphones to alligators to monitor how they process sounds. Here's what it reveals about alligator evolution.

Confused about RSS? Don't be. Here's what it is and how to use it

What is an RSS feed, anyway? This traditional method of following online news is still plenty useful. Let's take a look at what RSS means, and what advantages it has in today's busy world.
Movies & TV

No TV? No problem. Here's how to watch the Final Four online

Whether you want to watch the Big Dance on your phone or on your smart TV, we have the lowdown on all the ways to watch March Madness you can handle. Grab your foam finger and some nachos.

Patreon is having another go at changing the way it charges creators

Patreon messed up pretty badly the last time it tried to change its payment system. Now it's having another go, though this time the changes mainly affect future sign-ups rather than its current community of creators.

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. But with so many subreddits to choose from, exploring them can be overwhelming. Here are some of the best subreddits to get you started.

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.

You can now listen to Google Podcasts on your desktop without the app

The Google Podcasts app is no longer entirely necessary to listen to the podcasts it offers. With a simple tweak of the sharing URL, you can listen to a Google Podcasts podcast on your desktop or laptop without the app.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.