The Cyber Intelligence Sharing and Protection Act (CISPA) is likely to fail if it goes to a vote on the Senate floor, according to comments made today by Sen. Jay Rockefeller (D-W.Va.), the chairman of the committee on commerce, science and transportation.

CISPA is a bill that would enable major companies to share cyberthreat data with the government (and each other) to prevent attacks on their networks. Many critics have spoken out against CISPA because it doesn’t specify what information can be shared and what it will be used for beyond preventing cyberattacks. CISPA passed a vote in the House last week despite threats of a presidential veto.

“We’re not taking [CISPA] up,” Rockefeller told U.S. News. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we’re going to strengthen cybersecurity. They’ll be drafting separate bills.”

CISPA isn’t technically dead, because the Senate hasn’t brought the bill to a vote. And even though there’s promise of carving CISPA’s various cybersecurity issues into separate bills, it could easily morph into something that’s very much like the original piece of legislation that was passed by the House.

It’s worth noting that this is the second go-around for CISPA. Last year the bill also passed successfully in the House — and the Senate version of CISPA bill even had the White House stamp of approval. Yet the Senate is also where CISPA met its demise the first time, so maybe there is some hope that Rockefeller’s comments will hold true. Still, the White House is still pushing for some type of cybersecurity legislation to pass into law, and the Obama administration has even laid the groundwork for companies to voluntarily start participating in a CISPA-style coalition.

The U.S. House of Representative passed the Cyber Intelligence Sharing and Protection Act (CISPA) today after spending two days amending and debating it.

CISPA intends to open up the lines of communication between the private and government sectors to share information about breaches on private companies’ computer systems and other security problems. Many privacy and advocacy groups, however, have opposed the bill saying it doesn’t protect personal information.

The bill will now head to the Senate for its approval. If approved, it will go on to the White House, where President Barack Obama has already expressed grave concerns over the bill. Prior to the two days of amendment approvals CISPA faced, the White House threatened to veto the bill if it arrived on Obama’s desk in its current state. It is unclear whether the White House stands by this comment now that a few amendments have passed.

“Now that CISPA has passed  the House, the real battle will be in the Senate. I think we’ve got a stronger position in the Senate to defend online privacy, but there’s a lot of political will to move cybersecurity legislation this year,” said Electronic Frontier Foundation Activism Director Rainey Reitman in an email to VentureBeat. “We also have enough time now for concerned citizens to actually reach out to staffers and set up meetings with Senate offices, either in DC or when they next visit their home districts.  Every letter, phone call, and meeting makes a difference.”

But some legislators are still unconvinced. Minority Leader Rep. Nancy Pelosi (D-Calif.) expressed her worry on the House floor today saying the bill still didn’t meet the standards that uphold American’s civil liberties and gives companies too much immunity when providing attack information.

“They can just ship the whole kit and caboodle, and we are saying minimize what is relevant to our national security,” said Pelosi before the vote today. “The rest is none of the government’s business.”

Pelosi went on to say that the bill doesn’t touch on what she called the nation’s biggest cybersecurity issue: our infrastructure. The Rules Committee, which determines what jurisdictions you can and cannot touch in your bill, could have come together with the Homeland Security committee to allow CISPA’s writers to include infrastructure needs, according to Pelosi. But that didn’t happen.

“It’s just that curtail balance between security and liberty that I do not think has been struck in that bill. So for my own part, it will not have my support,” she concluded.

A second representative, Ed Perlmutter (D-Colo.) introduced a last-minute, slightly off-topic amendment that dictates government can never create an Internet firewall similar to China’s that disrupts the public’s access to the Internet. The amendment also made asking prospective employees for social media passwords during the interview process illegal. The amendment was not passed.

Rep. Mike Rogers (R-Mich.) image via CSPAN

While the House of Representatives debated the controversial Cyber Intelligence Sharing and Protection Act (CISPA) today, one of the bill’s authors claimed that they have not found any U.S. companies who oppose CISPA.

I suppose no one there has heard of Reddit.

“Well, after falsely dismissing us as ‘14-year-old tweeters in basements‘ – it doesn’t surprise me that [Rep. Mike Rogers (R-Mich.)] would have the audacity to make another false claim when a U.S. company like Reddit has opposed CISPA from the start in order to protect the privacy rights of its 64 million monthly users,” said Reddit cofounder Alexis Ohanian in an e-mail to VentureBeat today.

Rogers said on the House floor that “we have yet to find a single U.S. company that opposes this bill” after explaining that those behind CISPA have spoken with privacy groups, technology companies in Silicon Valley, financial institutions, and others regarding its content. He went on to name IBM, Intel, Juniper, Oracle, and EMC, as supporters of the bill.

But this is incorrect. Major companies such as Reddit, Firefox browser creator Mozilla, WordPress’ parent company Automattic, and others oppose CISPA, according to the Electronic Frontier Foundation, who provided us this Fight for the Future letter. These aren’t just small names in the technology industry, either, and they certainly count as U.S. companies.

“Rep. Rogers apparently hasn’t been looking very hard,” said Dave Maass, a spokesperson for privacy group the Electronic Frontier Foundation in an email to VentureBeat. “If he checked his Twitter account, he’d see that Craigslist, Reddit, Namecheap, Mozilla, and Automattic are all opposed to CISPA. Rep. Jared Polis perhaps put it best when he said that CISPA will shake the confidence of Internet users and without that trust, all Internet companies will suffer.”

CISPA’s intent is to help private companies share cyber-security event information with the government. The bill’s authors say that the military will by not means control the information that comes through CISPA’s channels. They also stress that the only information coming through are “1s and 0s” and that if any personal information slips through it will be “knocked out,” in the words of Rep. Dutch Ruppersberger (D-Md.).

Privacy groups and companies such as the one above oppose CISPA, however, saying that the bill uses too broad of language and poses a threat to individual privacy. Yesterday, the White House said it would veto the bill in its current state, fearing that companies would be given too much leeway in sharing private information and should be held accountable for the information it hands over.

“It’s sad, because Michigan’s 8th District deserves a rep who won’t sacrifice liberty for perceived security,” said Ohanian.

Additional reporting by Tom Cheredar;

Rogers photo via Wikipedia

The White House announced today that it would turn down CISPA, a cyber-security bill that focuses on information-sharing, if Congress presented to the president in its current form.

“The Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill,” the White House said in a statement today.

The Cyber Intelligence Sharing and Protection Act was recently voted through the House Intelligence Committee, bringing it one step closer to the president’s desk. The House is slated to vote on the bill tomorrow, causing activist groups to call for people to tweet their representatives and make noise about the proposed legislation. It seems the White House has the loudest voice today.

If passed, CISPA would head to the Senate next.

The Obama administration has already once turned down the bill, saying it need amendments before it can be made into law. Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) made a few amendments to the bill, including the removal of language that says the information collected through CISPA could be used for “national security” purposes.

The White House says that it’s still looking for more amendments and “should adhere to the following priorities:

1. Carefully safeguard privacy and civil liberties
2. Preserve the long-standing, respective roles and missions of civilian and intelligence agencies
3. Provide for appropriate sharing with targeted liability protections

The statement goes on to say that people shouldn’t have to fear companies having “immunity” if they share information that puts people’s civil rights in harm’s way.

“Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately,” said the White House. “Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals.”

Dutch Ruppersberger image via RDECOM/Flickr

CISPA, a cyber-security bill widely contested by advocacy groups, passed the House Intelligence Committee today and will be voted on by the House of Representatives next week.

CISPA was originally shot down by the Obama administration, but has come back with a number of amendments. It focuses on information sharing — a barrier between the private and government sectors that is, in many people’s minds, stunting cyber security growth. CISPA would allow private companies to quietly disclose attacks on their systems to government agencies.

Privacy groups are concerned that this information sharing might include customer and user information and might overstep the current privacy regulations we have in place. The bill’s creators, Representative Mike Rogers (R-Mich.) and Representative Dutch Ruppersberger (D-Md.), say this isn’t the case, and they’ve made amendments stating that data must be stripped of personal information.

The Electronic Frontier Foundation and the American Civil Liberties Union took to Reddit recently to express concern about CISPA and rally people to contact their congressmen. The two held an “Ask Me Anything” session where people could pose any questions about the bill to be answered by lawyers and activists with either group.

“The most effective way to express dissent is a combination of contacting those in power and then being LOUD,” said Adi Kamdar, activist with the EFF during the AMA. “The next step — and perhaps the more important step — is for you to spread the word about CISPA and its huge concerns. Tweet about it, post about it on Facebook, yell it from the rooftops (safely). The bill is being marked up and voted on these next few weeks. People need to learn about CISPA’s dangers and take action today.”

On a lighter note, if you need a refresher on how bill-voting works, you should probably watch this:

hat tip The Hill; Dutch Ruppersberger image via RDECOM/Flickr

As a member of congress, it’s one thing to support a bad piece of tech policy because you don’t fully understand the Internet but it’s quite another when you brag about all the money you’re making on the side from that position.

That’s what happened yesterday when Rep. Mike Rogers (R-MI) tweeted about how pro-CISPA organizations donate much more money than those that don’t support the bill.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. The bill failed to gain traction last year and its current version is strongly supported by President Barack Obama. As many critics have pointed out, CISPA is too vague when it comes to what pieces of personal data a company is allowed to share with the government, and doesn’t specify sufficient boundaries for protecting privacy rights.

Rogers initially tweeted a link to an article (screenshot shown above) that outlined the collective contributions that pro-CISPA organizations donated to House members. The pro-CISPA groups, such as AT&T, IBM, U.S. Chamber of Commerce, and Comcast, gave upwards of $55 million to congressional members, where anti-CISPA groups have only given about $4 million, according to political finance activist group MapLight. Basically, this is the kind of information that should send up all sorts of red flags — since many of these companies that support CISPA stand to benefit financially in one way or another if it passes.

The tweet in question has since been deleted by Rogers. And since then the congressman (or one of his aides) has tweeted statements that attempt to further explain what CISPA does and doesn’t do. But without any evidence attached to those statements, it’s pretty much a matter of how you interpret the language written in the bill.

CISPA is currently being held up for review in a house committee, and is expected to head to the floor for a vote in the near future.

Via BoingBoing

While congress has yet to reach any sort of lasting solution regarding the nations growing cyber security problems, President Barack Obama has decidedly taken the first big step in an executive order signed earlier today.

The executive order places the National Institute of Standards and Technology with the responsibility of  creating cyber security standards for organizations and industries that are of great importance to the country, such as transportation, utilities (water and electric), and healthcare. The department of Homeland Security will then work with businesses and industry groups on a volunteer basis to ensure that the standards are being met properly as well as come up with incentives to get more organizations/businesses on board.

The executive order would also create a new initiative for businesses to share their cyber security data with a centralized organization that could make sense of it, and allow security experts to advise on how to prevent future attacks.

Right now the biggest deterrent in getting businesses and other organizations to get on some kind of standard cyber security plan is that most don’t want to be held liable for security breaches due to failure of these self-imposed regulations. However, if congress passes new legislation regarding cyber security standards, that could change.

Last year the House passed legislation call CISPA, or the Cyber Intelligence Sharing and Protection Act, which would have addressed many of the concerns businesses and other organizations had about a cyber security standards. The bill sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. However, CISPA had few guarantees that it wouldn’t grossly violate an individual’s privacy rights, and initially faced of a presidential veto threat). The White House eventually put a stamp of approval on a revised version of the bill, which failed a vote in the Senate.

Now, that same House bill is tentatively headed back to the floor for another vote Wednesday, meaning congress has one more chance to pass the White House-approved version.

This is an issue that President Obama clearly understand is important (having highlighted it specifically in tonight’s State of the Union address), and his executive order essentially lays the groundwork for the CISPA bill to pass, should that happen.

You can read full text of the cyber security executive order in the document embedded below.

Rumors of CISPA’s demise were apparently greatly exaggerated, according to various privacy rights advocates and organizations today.

CISPA, or the Cyber Intelligence Sharing and Protection Act, initially sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. It passed a House vote with few guarantees that it wouldn’t grossly violate a person’s privacy rights (even in the face of a presidential veto threat). The White House eventually put a stamp of approval on the bill, pending certain amendments. But the Senate vote failed, and the president resorted to other methods for the time being.

The recently “deceased” bill, however, is scheduled for a new vote. House Intelligence Committee Chairman Mike Rogers (R-MI) and fellow congressman Dutch Ruppersberger (D-MD) will reintroduce CISPA this Wednesday, which should bear a striking resemblance to last year’s bill and not the amended version that failed to gain even a senate vote of approval.

So, what can you do to thwart (or at the very least stay informed about) CISPA this time around? Well, non-profit privacy awareness group Fight for the Future has created a webpage listing all the contact information for each congressperson that co-signed the last version of the bill, a list of companies that support the new CISPA, and other important facts.

The group also produced the infographic embedded below which contains a condensed explanation of what CISPA is trying to make legal.

The Lieberman-Collins Cyber Security Act was defeated in the Senate today by a vote of 52-46 — four senators shy of its requirement to move forward.

The Senate bill was a response to the House’s Cyber Intelligence Security Protection Act (CISPA), which sought to give American companies more legal breathing room when collecting and sharing consumer/user data in the scope of Internet security threats. The Republican-led House passed CISPA back in April, despite lots of backlash from Internet users, special interest groups, and even rumblings of a presidential veto. Critics said CISPA sacrificed a person’s privacy rights and had the potential to censor free speech without public knowledge — among other things.

The Cyber Security Act, by contrast, wanted to address all of these problems through various amendments, in part by requiring authorities to obtain a warrant for personal online data when charging them with a crime. More than 200 amendments were filed to change the bill, which invited lots of debate on both sides of the aisle.

The Senate bill, which was led by Senate Democrats, also put much more emphasis on protecting the country’s financial system and electric grid from malicious activity by hackers, and included amendments to other privacy laws that are vague regarding online activity. Republicans said the bill raised too many questions to gain approval.

The failed vote means Congress won’t address the issue of cybersecurity until at least 2013, according to The Hill.

Photo via Frank Jr /Shutterstock

The senate is expected to vote on an amendment next week that would allow video rental services like Netflix to take advantage of deeper integration with social networks like Facebook.

Despite being the country’s largest streaming movie service, Netflix is noticeably absent from Facebook’s Timeline feature due to a 1988 law that forbids video rental services from sharing a customer’s rental history. The law, Video Privacy Protection Act (VPPA), was initially created for the purpose of concealing physical media rentals, but congress has refused to say if digital video rentals also fall under the law’s jurisdiction.

As a cautionary measure, Netflix, which offers both physical and streaming rental services, has operated as if the VPPA did apply to digital media. This is why services like Hulu feature deep Facebook integration, while Netflix does not. In February, the company also decided play it safe by settling a class action suit related to violating the VPPA, as VentureBeat previously reported. The settlement cost the company $9 million, and made them agree to delete all rental history data from a customer a year after they formally cancel their subscription.

Not being able to utilize Facebook is something that Netflix desperately wants for its U.S. service. Several media services — including Spotify, Ustream, Viddy, and others  — that previously integrated with Facebook’s Timeline have experienced huge traffic and subscriber growth. Facebook integration has also helped grow Netflix service in international markets, the company stated in its Q2 2012 earnings report.

But despite its setbacks, Netflix is taking steps to persuade congress to change the VPPA law.

In April, Netflix formed its own Political Action Committee (PAC) called FLIXPAC to help rally congress on issues important to its business (like a VPPA amendment). The company has spent a total of $395,000 this year on lobbying efforts, according to political news site The Hill. Also, the House passed legislation in December 2011 that would give Netflix permission to share data via Facebook with a subscriber’s consent.

The amendment, which Sen. Patrick Leahy (D-Vt.) drafted, could be voted on next week as part of another cyber security bill. Leahy’s involvement is particularly interesting because he previously wasn’t keen on allowing rental data to be shared in any form. During a senate hearing in February, Leahy even described the aforementioned House bill as “dominant corporate interests (enticing) a check off in order to receive what may seem like a fun new app or service.”

Leahy’s change of heart could have something to do with senate democrats trying to gain support for an amended version of the Lieberman-Collins Cyber Security Act (aka the senate version of CISPA), which the senate is also expected to vote on next week.

Illustration by Tom Cheredar; Photo via Fox Business

If you’re unfamiliar with the term “botnet,” then perhaps your computer wasn’t one of the 5 million systems infected worldwide between January and March of this year. Botnets are collections of infected computers used maliciously to create spam, flood traffic to websites and even steal private information.

In an earlier story from VentureBeat, it was reported that the United States fell into the “top five vulnerable countries with 19.32 percent of computers at risk.” Bottom line: it isn’t always in your best interest to click on every link someone sends you.

“The issue of botnets is larger than any one industry or country,” Howard Schmidt, the White House cybersecurity coordinator, said in an e-mailed statement. “This is why partnership is so important.”

According to Schmidt, the voluntary principles announced are intended for partnership with the government in regards to malware, while working together to confront cyberattacks globally.

“IBG has also developed a framework for shared responsibility across the botnet mitigation lifecycle from prevention to recovery that reflects the need for ongoing education efforts, innovative technologies, and a feedback loop throughout all phases,” IBG said on their website.

In all of this, the Cyber Intelligence Sharing and Protection Act (CISPA) that was passed by the House in April — an act that would allow the government and other companies to voluntarily share information on cyber threats — was opposed by President Obama due to his belief the act would invade the public’s Fourth Amendment rights.

Senator Joe Lieberman recently created a bill (S. 2105) that would put the Department of Homeland Security in the front lines of regulating cybersecurity through transportation networks and power grids. The bill has yet to move to the Senate floor.

Via Bloomberg; Photo via hyperproteinus

Facebook is just now kicking off a roadshow meant to drum up interest in its forthcoming initial public offering, which is estimated to bring the social media giant between $9.4 billion and $11.8 billion. However, there is at least one high-profile person in the tech world who isn’t impressed: Reddit co-founder Alexis Ohanian.

In an interview with CNN today, Ohanian (pictured above) said he was holding off on any investment in Facebook due to its support of cyber security bill CISPA, although he noted that he definitely “understand(s) the business value of what Facebook is doing.”

“We’ve never seen a company like this before, ever. It knows things about our private lives that no one else does, and one of the big issues a lot of us in the tech community has had with Facebook of late, has been their support of bills like CISPA,” Ohanian said. He added that CISPA will make it very easy for a company like Facebook to hand over that private information to the government without any due process.

“So, that’s why I’m going to be holding off,” he said.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room when collecting and sharing consumer data while defending against Internet security threats. Essentially, the bill’s goal is to encourage companies to share information with the government that may help it fight and prevent cyber security attacks. But the language in the bill is far too vague when it comes to distinguishing how the government can use that information, leading critics to brand it as “evil.” The bill also doesn’t provide an adequate description of what’s considered a “security threat.”

Despite those aforementioned issues, CISPA passed in the House last week with amendments that make the bill even more vague. Facebook has also stood firm on its stance of support for CISPA, despite the bill’s amendments.

Ohanian isn’t the only person who’s not happy about CISPA or Facebook’s support of it. The site he helped start, Reddit, is also trying to help educate the masses about CISPA.

Photo of Alexis Ohanian via Alec Perkins/Flickr

As one of the more prominent and vocal opponents of anti-piracy legislation SOPA, social news site Reddit has positioned itself as an organization that deeply cares about tech policy. But sometimes that can work against it.

For instance, last weekend the site’s users started organizing an elaborate Reddit-boycott due to unhappiness over the lack of attention Reddit management had given to the hotly debated cyber security bill CISPA.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room when collecting and sharing consumer/user data in the scope of Internet security threats. Essentially, the bill’s goal is to encourage companies to share information with the government that may help it fight and prevent cyber security attacks. But the language in the bill is far too vague when it comes to distinguishing how the government can use that information, leading critics to brand it as pure and unadulterated evil. The bill also doesn’t provide an adequate description of what’s considered a “security threat”.

The user uproar was undoubtedly fueled in part by the House’s rushed vote of approval for CISPA last week, which actually contained amendments that make the bill even more vague and degrading to privacy protections. This contradicts most of the prior speculation that the bill would get better prior to going to a vote. And while Reddit eventually did respond to the community, it’s still planning to boost the discussion about CISPA in the coming weeks.

Earlier this week, Reddit General Manager Erik Martin spoke with VentureBeat about the company’s stance on CISPA, and how its strategy for handling CISPA stops just short of activism.

VentureBeat: So I saw the initial uproar by users that called for a strategic boycott of Reddit, which was just like you’d expect from redditors: detailed and multi-tiered. I also saw the follow-up. Have you guys made any progress toward helping Reddit user fight CISPA?

Erik Martin: Right now we’re working on getting as many experts as possible to interact directly with the Reddit community. So, hopefully there will be a lot of informative IAMAs and similar discussions this week, involving experts and stakeholders across the board.

VentureBeat: As for the uproar from users, do you think the timing of the bill passing caught you guys off guard? I know it went from a “bad bill” to a “truly awful bill” in a very short amount of time.

Martin: Yes, we’re not experts or super dialed in to the process. So, we were hearing the revisions and amendments were going to improve the bill, not make it worse.

VentureBeat: I think a lot of people did, at least heading into the weekend. Do you think the update/response to the Reddit boycott was enough to let users know you’re paying attention?

Martin: I think people just want to be sure we give a shit. But just like with SOPA, our role is to facilitate … help the community discuss the issues and collectively explore what to do about it. (For example), we directed people to discuss tactics at http://reddit.com/r/SOPA, but we did not originate or promote any of the specific ideas, like the Godaddy boycott. We’re going to try to do an even better job of that this time (with CISPA). Hopefully the experience of SOPA showed everyone across the board how important it is to communicate directly with the internet communities. So, I’m optimistic.

VentureBeat: With legislation like this (CISPA, SOPA/PIPA, ACTA), is it important for Reddit’s management to draw a distinction between promoting discussion and activism?

Martin: Yes, it is important, but it’s more complicated since Reddit is both a company and a community. I think it’s a fairly new position. We’re not interested in activism, but there are times when we can help make sure the community’s voice is heard. And Reddit is built upon having a free and open internet … we’re open source, don’t require user info, user curated etc. So, anything that might threaten a free and open internet impacts both the community and the company.

VentureBeat: Is there a blackout day for CISPA further down the road if needed?

Martin: No blackout plans, but who knows.

VentureBeat: I’m assuming you’re among the majority of people at this point who hasn’t been able to dig through all the amendments that make CISPA dangerous. Once the week(s) of IAMA experts have explained the situation, will you guys gather all that information and form an official company stance on the bill?

Martin: Not only CISPA, but also the cyber security bills in the senate –  there are like four bills, too.

VentureBeat: In the spirit of healthy discussion, are you guys seeking out an expert that’s for CISPA (and related bills in the senate)?

Martin: Absolutely. And (there are) some good signs that we’ll be able to make that happen. I would love a co-sponsor or the appropriate staffer to discuss and answer questions about the bills on Reddit.

Top image via nComment

The U.S. House of Representatives has passed a hotly protested cyber security bill, CISPA, with a vote of 248 to 168 this afternoon.

CISPA, or the Cyber Intelligence Sharing and Protection Act, seeks to give American companies more legal breathing room when collecting and sharing consumer/user data in the scope of Internet security threats. Essentially, the bill’s goal is to encourage companies to share information with the government that may help it fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws.

House Republicans brought the bill to a vote despite the threat of a veto recommendation by President Barack Obama’s advisers if certain amendments were not made prior to it passing. Some of those amendments did make it into the bill before going to vote, including more stringent privacy protection measures and additional restriction for how a person’s private data can be used. However, I highly doubt CISPA is now completely devoid of vague language and over-broad descriptions for determining what is a security threat.

CISPA’s main co-sponsor Rep. Dutch Ruppersberger (D-MD) seemed put off by the White House’s veto threat, which could have prompted the bill going to the floor for a vote. “We’ve been working with [the White House] for one year. I don’t like to get a phone call half an hour before we go to Rules yesterday that this is coming,” he told industry group  Telecommunications Industry Association (TIA) at an event today.

While CISPA only intends to thwart security threats, many believe it could end up paving the way for large companies (as well as the government) to begin policing the internet. Critics also point out that companies may begin creating extensive user databases, intercepting or modifying communications under the guise of security, and blindly complying with government requests for private  user information.

In response to the successful House vote, the Center for Democracy & Technology (CDT) reaffirmed its opposition to CISPA by outlining exactly why its a bad cyber security bill.

“The bill has three critical civil liberties problems, and we have worked with Members of Congress, Internet users, advocacy groups, and industry to address them,” the organization wrote in a statement today. “The first is that CISPA permits unfettered sharing of private communication with the government; second, it permits that sharing to go to any agency including the super-secret NSA; and third, it permits the government to use this information for purposes wholly unrelated to cybersecurity.”

The bill has public support from several big tech and communications companies, including Facebook, AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others. It still faces a vote in the senate, and another congressional vote to overturn a veto, should the president decide to follow his advisor’s recommendation.

Image via Monika Wisniewska / Shutterstock

White House advisers yesterday said they’ll recommend that President Barack Obama veto the controversial cyber security bill CISPA if it passes a congressional vote in its current form.

CISPA, or the Cyber Intelligence Sharing and Protection Act (PDF), intends to grant companies more leeway when it comes to collecting and sharing data about their consumers (or users, in the case of social networks) — specifically, data regarding security threats. Essentially, the bill’s goal is to enable companies to share this type of information with the government to help fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws. The bill has public support from several big tech and communications companies, including Facebook, AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others.

CISPA also has broad support from over 100 House co-sponsors from both sides of the aisle, with House Republicans preparing to send it to the floor very soon.

In the policy statement, the president’s advisers are asking House members for significant changes to the proposed bill before they’ll change their mind about recommending a veto. Specifically, they want to see greater privacy protections, more stipulations to protect an individual’s personal information, and a revision to the bill’s liability protection language.

The advisers believed the current version of CISPA would permit “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” writes the administration in the policy statement. “Moreover, such sharing should be accomplished in a way that permits appropriate sharing within the government without undue restrictions imposed by private sector companies that share information.”

CISPA’s main sponsor Rep. Mike Rogers (R-Mich.) said he’s confident that the advisers’ amendment requests can be satisfied, reports Politico. He also added that if he can get the bill in front of the president, House members will be able to answer any questions well enough to get it signed into law.

The House is expected to vote on the bill before the end of the week. A senate version of CISPA could see a vote as soon as next month, co-sponsor of the bill Sen. Joe Lieberman (I-Conn.) told Politico.

Image via donkeyhotey/Flickr

If its lobbying spend is any indication, Google is trying to woo the government. The search giant spent triple what it did a year ago on lobbying efforts in Washington, according to The Hill.

Google’s spending in Washington, D.C. has increased as government agencies continue to scrutinize the company’s data privacy practices. Just last week, the FCC fined Google a paltry $25,000 for “deliberately impeding” investigations into its “accidental” snooping of Wi-Fi networks. And earlier this year, Google attracted a ton of attention for completely revamping its privacy policies.

The company’s main concerns in D.C. have been privacy legislation, including rules on online tracking, and cyber security legislation, including the controversial Cyber Intelligence Sharing and Protection Act (CISPA) bill. CISPA could enable companies to share private user information with the government to help it fight and prevent cyber security attacks. Google has not taken a position one way or the other on CISPA, so it’s hard to tell which side it’s playing.

Getting down to specifics, Google spent $5.03 million on lobbying from January to March, which is a 240 percent increase over the $1.48 million it spent in the first quarter of 2011. That’s not much compared to the $10.6 billion in revenue it cleared in Q1 2012, but every bit helps in Washington. Google CEO Larry Page used that earnings call to announce a Google stock split, something else it could be lobbying about.

Photo credit: Vasilevich Aliaksandr/Shutterstock

After lots of public outcry, Facebook has published a letter today explaining its support for controversial cyber-security legislation, the Cyber Intelligence Sharing and Protection Act, or CISPA (PDF).

CISPA intends to grant companies more leeway when it comes to collecting and sharing data about their consumers (or users, in the case of social networks) — specifically, data regarding security threats. Essentially, the bill’s goal is to enable companies to share this information with the government to help fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws. The bill has broad support from over 100 House co-sponsors from both sides of the aisle.

Critics of CISPA often incorrectly refer to it as a new version of international copyright infringement bill SOPA, which would have given the government the authority to shut down websites accused of internationally committing acts of piracy. But while CISPA only intends to thwart security threats, many believe it could end up paving the way for copyright holders to begin policing the net. Critics also point out that it promotes the idea of companies creating extensive user databases, intercepting or modifying communications under the guise of security, and blindly complying with government requests for private  user information.

Facebook, however, believes CISPA’s cyber security benefits greatly outweigh any of the potential negative impacts critics have cited.

“We recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity,” wrote Facebook VP of Public Policy Joel Kaplan in the letter. “Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 [a.k.a. CISPA] in the first place — the additional information it would provide us about specific cyber threats to our systems and users.”

Facebook isn’t alone in its support of CISPA. Other companies that support the bill include AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others.

Facebook’s entire statement follows below. Let us know your thoughts in the comments section.

Via Facebook:

“More than 845 million people trust Facebook with their information, and maintaining that trust is at the core of everything we do. Keeping the site secure to protect our users and their information requires a combination of technological innovations; around-the-clock coverage from our dedicated staff; and relationships within the broader security community.

A successful defense against bad actors also requires that we have timely information about cyber threats. One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack. Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems.

A number of bills being considered by Congress, including the Cyber Intelligence Sharing and Protection Act (HR 3523), would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today.

That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place — the additional information it would provide us about specific cyber threats to our systems and users.

The overriding goal of any cybersecurity bill should be to protect the security of networks and private data, and we take any concerns about how legislation might negatively impact Internet users’ privacy seriously. As a result, we’ve been engaging directly with key lawmakers as well as industry and consumer groups about potential changes to the bill to help address privacy concerns.

The bill’s sponsors, House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger, have stated publicly that they are working with privacy and civil liberties groups to address legitimate questions and concerns about how information might be shared with the government under the bill. They’ve made clear that the door is still open to change the bill before it comes to the House floor for consideration.

We hope that as Congress moves forward in considering this and any other cyber legislation, the result will be legislation that helps give companies like ours the tools we need to protect our systems and the security of our users’ information, while also providing those users confidence that adequate privacy safeguards are in place.

Plastic toy soldiers photo via jcjgphotography/Shutterstock