As noted here previously, a revamped version of CISPA (the Cyber Intelligence Sharing and Protection Act), which is just as bad in terms of privacy protections as its first failed iteration, is in the “mark up” stage in the House. The Electronic Frontier Foundation and the ACLU are working together to rally opposition to the bill, which would entail companies potentially handing over users’ private information and browsing histories to the government.
Representatives from the two groups took to Reddit Monday to answer questions about CISPA and their campaign to stop the bill’s progression into law. EFF’s Mark Jaycox explained the current state of CISPA bill H.R. 624:
CISPA is currently at the “markup” stage. This means that the bill has been introduced and will be discussed by the full committee at a meeting. The committee will vote on amendments, edit (ie, “markup”) the bill, and vote on a final version of the bill. Once the final version is voted “out of committee,” it will be ready for a full floor vote where the entire House can vote on it.
EFF’s Rainey Reitman explained why lawmakers may be rehashing a bill that already failed last year:
Congress wants to appear as if it’s doing “something” about Internet security. But the truth is that the proposals they’re suggesting don’t address most of the major network security issues. From social engineering to two-step authentication, from the broken CA system to encrypting the web, there are concrete and real issues around network security that can and should be addressed (though a lot of them aren’t legislative solutions). Instead of grappling with these issues, Congress is trying to push an information “sharing” bill that would undermine existing privacy laws.
Later in the AMA session, Jaycox outlined the primary issues privacy advocates have with CISPA:
H.R. 624, the newest version of the bill is the amended version and the one currently being debated in the House. This amended version is still littered with many problems:
Companies have new rights to monitor user actions and share data—including potentially sensitive user data—with the government without a warrant.
CISPA overrides existing privacy law, and grants broad immunities to participating companies.
Information provided to the federal government under CISPA would be exempt from the Freedom of Information Act (FOIA) and other state laws that could otherwise require disclosure (unless some law other than CISPA already requires its provision to the government).
CISPA’s authors argue that the bill contains limitations on how the federal government can use and disclose information by permitting lawsuits against the government. But if a company sends information about a user that is not cyberthreat information, the government agency does not notify the user, only the company.