New CISPA amendments expected — but the fight will go on


As Web users continue to lather themselves into a frothy rage over the Cyber Intelligence Sharing and Protection Act, better known as CISPA, the House Intelligence Committee revealed late Monday night that the bill’s co-sponsors are currently considering changes that they hope will cool down the opposition.

In a “general backgrounder” and “general Q&A” on the bill, which was distributed to reporters prior to a press conference call today, a number of “new provisions” — none of which have yet been approved — will purportedly address criticisms that the bill’s current language provides no repercussions for the misuse of information gathered as a result of CISPA, and that the bill would effectively militarize what is currently a task under civilian authority.

Government liability

The first new provision under consideration would make the U.S. government liable for “damages, costs, and attorney’s fees in federal court action” if the government uses the information gathered under CISPA for any reason other than to protect American “networks or systems” from cyber threats, or if the government collects the data in any way other than through the voluntary hand-over by private companies.

As the Center for Democracy and Technology (CDT) notes, CISPA in its current form could be “could be used to prosecute an individual for any crime,” or “used to target him or her for intelligence surveillance.” The provision above is an attempt to diminish those concerns, as the government could be sued for doing either of those things.

Military limits

Another concern of the CDT and other critics is that CISPA would allow the information collected under the legislation to be shared with any governmental body. The CDT is most concerned that this would include the National Security Agency, and the Department of Defense’s Cybercommand, both of which are military organizations and operate in almost complete secrecy. Currently, the U.S. government’s cybersecurity efforts are under the jurisdiction of the Department of Homeland Security (DHS), which is a civilian organization, and subject to far greater public scrutiny.

Under the next new provision, the DHS would “generally receive copies of all voluntarily shared cyber threat information for the purpose of ensuring that the information was shared for cybersecurity purposes.” Also, the DHS would be responsible for sharing that information with other parts of the federal government. Finally, neither the DOD, nor the Intelligence Community, would have the authority to require that private companies share information with them as a pre-requisite for receiving classified cyber threat intelligence.

Problems remain

Despite these new provisions, critics are still concerned that the bill’s definition of what constitutes a “cyber threat,” or a threat to national security, remain too broad, as any information could potentially be construed to fall into one of these two categories — especially considering that the bill blatantly defines a “cyber threat” as the “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

CISPA’s chief co-sponsor Rep. Mike Rogers (R-MI), disagrees, repeatedly telling reporters during the conference call earlier today that the definition of “cyber threat” is “very limited,” and that the “intended” purpose of the bill is not to go after copyright infringers, but instead to combat against “nation states” like Russia and China who are intent on attacking U.S. businesses and infrastructure.

Another primary concern is that CISPA does not require companies to strip out personally identifying information from the information they share with the federal government — it only “encourages” that they do so, which is entirely different.

As you may have noticed, the primary concern here is CISPA’s broad language. That is to say, it is not what is in the bill that has people worried, it’s what’s NOT in the bill, like a narrower definition of which instances constitute “cyber threats” or “national security,” or explicit prohibitions on the sharing of private information.

Alas, the fight against CISPA will go on at least until the bill goes before the full House, which is expected to happen sometime in the last week of April. Civil liberties groups including the CDT, the Electronic Frontier Foundation, and the American Civil Liberties Union, are reportedly planning to launch a concerted campaign against CISPA sometime next week.

There is still time to fix CISPA, but few have much confidence in the Congress’ ability to craft legislation that will achieve the stated goals without posing new potential threats to privacy and civil liberties. During the conference call, Rep. Rogers and Rep. Dutch Ruppersberger (D-MD), the bill’s other chief sponsor, said that they are open to suggestions for how the bill can be improved. So perhaps there is still hope – but don’t count on it.


Personal info of 30,000-plus Pentagon employees compromised in contractor breach

The Pentagon is facing another security problem after it was discovered that a contractor was responsible for a leak of data that affected more than 30,000 Pentagon employees, both civilian and military.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Movies & TV

The best shows on Netflix in October, from 'Mindhunter’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Movies & TV

The best movies on Netflix in October, from 'The Witch’ to ‘Black Panther’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, subdued humor, or anything in between.
Movies & TV

Tired of Netflix? Here's where to find free movies online, legally

We've spent countless hours digging around the web to find the best sites for streaming free movies online. Not only are all of these sites completely free to use, they're also completely legal and trustworthy.

Download music from YouTube in seconds with these great tools

Ripping audio from YouTube has never been easier, but with so many tools out there, which is the best? In this guide, we teach you how to download music from YouTube with a couple different tools -- just proceed with caution.

Google to shut down Google+ after exposure of 500,000 users’ data

After Facebook revealed that 50 million users may have been exposed as a result of a security vulnerability, Google announced it discovered a bug that left 500,000 Google+ users exposed. It will also shut down Google+.

You need a website, and these tools will help you make it

We compiled a list of the best website builders, both paid and free. If you don't want to pay for someone to make your website and want to do it yourself, this roundup should point you in the direction you want to go.
Social Media

Sick of Facebook privacy scandals? Here's how to protect your personal data

With a number of security scandals in 2018, it has us questioning if we should get rid of Facebook. Here's how to protect your personal data without deleting your account, as well as how to just nuke the thing altogether.

Google Slides now auto-transcribes verbal presentations for real-time captions

A new feature for the Google Slides presentation software uses a computer's built-in microphone to transcribe the words of a speaker in real time, displaying them for everyone to see.

Pixel 3, Home Hub, and Pixel Slate — our first look at all Google’s new devices

Google has taken the wraps off of a slew of new devices, including the Pixel 3 smartphones, Google Home Hub smart display, Google Pixel Slate tablet, and more. We were at the event, and took a ton of photos of all of Google's new products.

Spotify vs. Pandora: Which music streaming service is better for you?

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.

PayPal will soon let you withdraw cash at Walmart, but there’s a catch

PayPal has teamed up with Walmart to allow its account holders to withdraw and deposit cash at the store. The service launches at all Walmart stores across the U.S. in early November, but there's a catch.

Here's how to download a YouTube video to watch offline later

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.