New CISPA amendments expected — but the fight will go on


As Web users continue to lather themselves into a frothy rage over the Cyber Intelligence Sharing and Protection Act, better known as CISPA, the House Intelligence Committee revealed late Monday night that the bill’s co-sponsors are currently considering changes that they hope will cool down the opposition.

In a “general backgrounder” and “general Q&A” on the bill, which was distributed to reporters prior to a press conference call today, a number of “new provisions” — none of which have yet been approved — will purportedly address criticisms that the bill’s current language provides no repercussions for the misuse of information gathered as a result of CISPA, and that the bill would effectively militarize what is currently a task under civilian authority.

Government liability

The first new provision under consideration would make the U.S. government liable for “damages, costs, and attorney’s fees in federal court action” if the government uses the information gathered under CISPA for any reason other than to protect American “networks or systems” from cyber threats, or if the government collects the data in any way other than through the voluntary hand-over by private companies.

As the Center for Democracy and Technology (CDT) notes, CISPA in its current form could be “could be used to prosecute an individual for any crime,” or “used to target him or her for intelligence surveillance.” The provision above is an attempt to diminish those concerns, as the government could be sued for doing either of those things.

Military limits

Another concern of the CDT and other critics is that CISPA would allow the information collected under the legislation to be shared with any governmental body. The CDT is most concerned that this would include the National Security Agency, and the Department of Defense’s Cybercommand, both of which are military organizations and operate in almost complete secrecy. Currently, the U.S. government’s cybersecurity efforts are under the jurisdiction of the Department of Homeland Security (DHS), which is a civilian organization, and subject to far greater public scrutiny.

Under the next new provision, the DHS would “generally receive copies of all voluntarily shared cyber threat information for the purpose of ensuring that the information was shared for cybersecurity purposes.” Also, the DHS would be responsible for sharing that information with other parts of the federal government. Finally, neither the DOD, nor the Intelligence Community, would have the authority to require that private companies share information with them as a pre-requisite for receiving classified cyber threat intelligence.

Problems remain

Despite these new provisions, critics are still concerned that the bill’s definition of what constitutes a “cyber threat,” or a threat to national security, remain too broad, as any information could potentially be construed to fall into one of these two categories — especially considering that the bill blatantly defines a “cyber threat” as the “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

CISPA’s chief co-sponsor Rep. Mike Rogers (R-MI), disagrees, repeatedly telling reporters during the conference call earlier today that the definition of “cyber threat” is “very limited,” and that the “intended” purpose of the bill is not to go after copyright infringers, but instead to combat against “nation states” like Russia and China who are intent on attacking U.S. businesses and infrastructure.

Another primary concern is that CISPA does not require companies to strip out personally identifying information from the information they share with the federal government — it only “encourages” that they do so, which is entirely different.

As you may have noticed, the primary concern here is CISPA’s broad language. That is to say, it is not what is in the bill that has people worried, it’s what’s NOT in the bill, like a narrower definition of which instances constitute “cyber threats” or “national security,” or explicit prohibitions on the sharing of private information.

Alas, the fight against CISPA will go on at least until the bill goes before the full House, which is expected to happen sometime in the last week of April. Civil liberties groups including the CDT, the Electronic Frontier Foundation, and the American Civil Liberties Union, are reportedly planning to launch a concerted campaign against CISPA sometime next week.

There is still time to fix CISPA, but few have much confidence in the Congress’ ability to craft legislation that will achieve the stated goals without posing new potential threats to privacy and civil liberties. During the conference call, Rep. Rogers and Rep. Dutch Ruppersberger (D-MD), the bill’s other chief sponsor, said that they are open to suggestions for how the bill can be improved. So perhaps there is still hope – but don’t count on it.

Smart Home

Can new laws protect you from smart home security breaches?

To help combat smart home data breaches, state and federal lawmakers are exploring ways to protect consumers. California, Oregon, and members of the U.S. Senate all have proposals to protect people's data.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Movies & TV

The best movies on Netflix in March, from Buster Scruggs to Roma

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.
Movies & TV

The best shows on Netflix right now (April 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Social Media

How to protect yourself from GoFundMe scams before donating

Can you spot a GoFundMe scam? While the fundraising platform says scams make up less than a tenth of one percent of campaigns, some do try to take advantages of others' charity -- like a case last year that made national news.

House votes to restore net neutrality rules, but effort faces long odds

The U.S. House of Representatives has approved the Save the Internet Act, a measure intended to restore net neutrality rules that were repealed in 2017 by the Federal Communications Commission.

The FCC and White House want to bring high-speed internet to rural areas

The FCC and the White House unveiled new initiatives to bring high-speed internet to rural areas, including $20.4 billion in incentives to companies to build infrastructure. The FCC also announced ways to speed up the rollout of 5G.

Search all of Craigslist at once with these great tools on web and mobile

Not finding what you need in your local area? Craigslist can be great for finding goods and services from further afield too. All you need do is learn these tips for how to search all of Craigslist at once.

Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Evidence of an Internet Explorer zero-day exploit capable of letting hackers steal files from Windows PCs was published online by a security researcher who also claims Microsoft knew of the vulnerability and opted not to patch it.

Buying airline tickets too early is no longer a costly mistake, study suggests

When you book can play a big role in the cost of airline tickets -- so when is the best time to book flights? Earlier than you'd think, a new study suggests. Data from CheapAir.com suggests the window of time to buy at the best prices is…

Report says 20% of all 2018 web traffic came from bad bots

Distil Networks published its annual Bad Bot Report this week and announced that 20% of all web traffic in 2018 came from bad bots. The report had other similarly surprising findings regarding the state of bots as well.

Google Chrome will get a Reader Mode for distraction-free desktop browsing

If Google's testing of Reader Mode on the Chrome Canary desktop browser is successful, soon all Chrome users will gain access to this feature. Reader Mode strips away irrelevant content on a webpage for distraction-free browsing.

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.