Obama, Democrats, privacy organizations still opposed to CISPA

by Joan McCarter

The White House hasn't actually issued a veto threat over the current House efforts to revive last year's disastrous cybersecurity bill, CISPA, but it's all but done so.

The Obama administration issued a statement Thursday that indicated it's not likely to support a cybersecurity bill approved by the U.S. House Intelligence Committee this week.

While stopping short of an outright veto threat that many privacy activists may have wanted, the statement made clear that the administration does not believe the bill in its current form does enough to safeguard personal information.

The pushback from privacy organizations, the White House, and tech corporations has resulted in some modifications in the bill that will go to the House floor next week. But not enough to satisfy the White House or privacy experts. For example, the bill still would allow information about us, regular Americans, to be shared with the National Security Agency. There's still no requirement that any personally identifiable information about us that is shared between companies and the government is stripped out.

That means that it's still unacceptable, and is unlikely to get any better with floor amendments next week, since that's not how the Republican House works. President Obama better get his veto threat language brushed off, because he's probably going to need it.

Email your member of Congress and tell them to scrap this CISPA bill.

http://www.dailykos.com/story/2013/04/12/1201351/-Obama-Democrats-privacy-organizations-still-opposed-to-CISPA

President Obama Shows No CISPA-like Invasion of Privacy Needed to Defend Critical Infrastructure

By Michelle Richardson

Last night the President signed an executive order (EO) aimed at ramping up the cybersecurity of critical infrastructure. Overwhelmingly, the EO focuses on privacy-neutral coordination between the government and the owners and operators of critical infrastructure (CI)—such as the banking, communication, power, and transportation sectors—which have long been regulated because of their fundamental role in the smooth operation of society. Now that these important entities are all connected to the internet, the administration insists that their cybersecurity be on par with their physical security.

There are two important information sharing advancements in the EO, and this time they are good for privacy. They do not include the many problems of legislation like the Cyber Intelligence and Sharing Protection Act (CISPA) because an executive order by definition cannot take away the privacy protections granted by current statutes. In other words, the EO cannot exempt companies from privacy statutes, or let the government collect new information. It can only act within its existing power to change policies and practices.

Two cheers for cybersecurity programs that can do something besides spy on Americans.

The first information sharing advancement greases the wheels of information from the government to the private sector. Section 4 lights a fire under agencies and directs them to share more information with companies—information they already have and can legally collect under current law. Information flowing in this direction is nowhere as near as problematic as the opposite direction. To the extent that corporate and congressional advocates claim that CISPA is needed for this purpose, the administration beat them to the punch. The EO directs the attorney general, the director of national intelligence and the secretary of homeland security to set up a system to get threat information to critical infrastructure owners and operators. They have four months to pull it together.

The second information sharing provision is a net positive for civil liberties. Section 5 directs the Department of Homeland Security, the Privacy and Civil Liberties Oversight Board (PCLOB) and the Office of Management and Budget to evaluate current interagency information sharing. There is plenty of cyber information floating around the executive branch and across different agencies. There doesn't appear to be any publicly available regulation of how that information is protected for privacy purposes, and it may very well be that it is protected by a mish-mash of originating statutes that treat different types of information with varying protections. By holding the agencies accountable to the Fair Information Practice Principles (FIPPs)—transparency, choice, minimization and more—we may see a government-wide cybersecurity privacy regime evolve. To get it done right, PCLOB will need to be funded and staffed up, and advocacy will be needed to keep the agencies true to the FIPPs, but the President has now declared them the bellwether for cybersecurity information.

Overall, the EO is a win for privacy and civil liberties. It's a good reminder that while some are focused like a laser on turning our internet records over to the National Security Agency, there are a lot of other things that government can do to advance cybersecurity instead. Now it's up to all of us to make sure Congress follows the President's lead.

http://www.aclu.org/blog/national-security-technology-and-liberty/president-obama-shows-no-cispa-invasion-privacy-needed

CISPA Goes to The Floor for a Vote, Privacy Amendments Blocked

Yesterday, the US House prepared for the debate on the privacy-invading "cybersecurity" bill called CISPA, the Cyber Intelligence Sharing and Protection Act. The rules committee hearing was the last stop before the bill is voted on by the full House.

In the hearing, Rep. Mike Rogers (R-MI) was questioned about the core problems in the bill, like the broad immunity and new corporate spying powers. In response, he characterized users who oppose CISPA as "14 year olds” tweeting in a basement.

The bill may be voted on as early as Wednesday. This means there’s little time left to speak out.
- more