Why CISPA Isn't SOPA

Online activists are planning a series of protests this week against legislation (HR 3523) from House Intelligence Chairman Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., aimed at encouraging private companies to share information on cyberthreats and attacks with the government. Cybersecurity experts and industry have complained for years that the current legal climate makes it impossible for them to share information about the threats they face. Until recently, support for information-sharing legislation has been one of the least controversial aspects of the current debate over comprehensive cybersecurity legislation. The House appears likely to pass an information-sharing bill and frame it as a significant step toward securing the nation's computer networks, while the Senate has treated such legislation as a starting point rather than final destination.

But groups including the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation are promising a week of action to raise awareness of the bill, which they fear could undermine user privacy. They argue the broad definitions of national security and other terms in the bill would give companies a free hand to allow the government access to data that has nothing to do with cyberattacks. Sponsors have offered two amendments aimed at tightening the bill's language, which have softened some of the criticism, but not enough to silence comparisons between the legislation known as CISPA and two controversial online piracy bills that were scuttled by Web protests earlier this year.

Those bills, SOPA and PIPA, were particularly controversial because they gave the government authority to block certain foreign domains for online piracy and appeared to strongly favor the interests of one economic sector (content creators) over another (tech companies). Unlike SOPA and PIPA, the concerns raised about CISPA have to do with surveillance rather than censorship. While privacy and civil liberties advocates have consistently decried the tradeoff between privacy and digital surveillance that was featured in laws such as the Patriot Act, the prospect of government surveillance, ostensibly for national security purposes, has yet to spark the same sort of outrage as potential online censorship.

Further evidence this week's protest won't get the same traction as SOPA/PIPA: Prominent websites such as Wikipedia and Google, which blacked themselves out to protest SOPA, haven't indicated they will join the CISPA protests. In fact, many prominent tech companies, including Facebook, actually support the legislation, which would likely impose fewer requirements on them than the Senate alternative. Facebook vice president for U.S. public policy Joel Kaplan recently noted that CISPA's sponsors are open to changing the bill before it reaches the House floor, and said Facebook has been engaging directly with lawmakers and interest groups to address the stated privacy concerns.

Netflix CEO: Comcast Not Following Net Neutrality: Netflix CEO Reed Hastings argued Comcast's new Xfinity app for Xbox violates net neutrality principles in a Facebook post last night. Hastings noted that Comcast doesn't count video streamed through the app against a user's monthly bandwidth limit, but does count traffic viewed on the same connection through other apps or devices. The last time the FCC tried to enforce net neutrality against Comcast, the company won a major legal victory that led to the court tossing the agency's net neutrality rules. The FCC's most recent open-Internet order is currently facing several challenges in federal court. Changes Brewing for Online Tax Collection: Ambreen Ali has an in-depth look in CQ Weekly at the battle over taxing online retailers such as Amazon, which currently only pays sales tax in five states. Traditional retailers argue the lack of an online sales tax gives e-commerce companies an unfair advantage over their brick-and-mortar counterparts. Several bills are currently in front of Congress that would override the Supreme Court's decision in Quill Corp. v. North Dakota and allow states to levy the sales tax against online retailers. Google Facing $25K Fine For Impeding Street View Probe: The FCC is penalizing Google $25,000 for impeding the agency's investigation into the unauthorized collection of WiFi data by the search giant's Street View vehicles. The data collection, which took place between May of 2007 and May 2010, included emails, text messages, passwords and browser histories for consumers, sparking outrage on the Hill and prompting an investigation into whether Google had violated the Communications Act.

According to the FCC order (PDF), the FCC was unable to interview the unidentified engineer responsible for developing the software code used to collect and store payload data after the company invoked the Fifth Amendment. Without his testimony or precedent for applying the law to WiFi payload data, the FCC elected not to take any enforcement action against Google. However, the FCC found Google is liable for a penalty of $25,000 for deliberately delaying the FCC's investigation into the incident for months by failing to respond to requests for information.

Quotable: "Google's Street View cars drove right over consumers' personal privacy while cruising city streets and neighborhoods. Consumers saw their Wi-Fi morph into 'Spy-Fi'. The FCC was correct to fine Google for this breach and to cite the company's recalcitrance in providing timely and comprehensive information in support of the Commission's investigation. However, I am concerned that more needs to be done to fully investigate the company's understanding of what happened when consumer data was collected without their knowledge or permission. This fine is a mere slap on the wrist for Google. Coupled with the company's recent changes to its privacy policy, it seems as if Google is making a U-turn in its commitment to protect consumer privacy as embodied in its settlement with the FTC. As Congress continues our discussion of ensuring online privacy for consumers, especially for children and teens, I will continue to actively monitor this situation, which can help to inform policy moving forward.” — Rep. Edward Markey, D-Mass. One Year After Black Friday, Poker Bill Awaits Action: One year after the Justice Department shut down much of the online poker industry, Roll Call's Amanda Becker reports poker players are pushing Congress to pass legislation to legalize and regulate the game online. The Poker Players Alliance launched a grass-roots campaign last week to coincide with the anniversary of "Black Friday," when federal agents seized and shut down the websites for PokerStars, Full Tilt Poker and Absolute Poker. The sites' owners have been charged with bank fraud and money laundering, with DOJ alleging Full Tilt was a Ponzi scheme that used player funds to pay the owners.

The PPA's campaign urges support for a bill (HR 2366) from Rep. Joe Barton, R-Texas, that would legalize and regulate poker alone on a federal level. The bill has drawn the support of 27 cosponsors but has yet to advance out of the House Energy and Commerce Committee, which has held several hearings on the subject of online gambling. But legislation may no longer be necessary, as the Justice Department recently reversed itself and concluded the Wire Act only bans sports betting across state lines, not all forms of wagering. That appears to have opened up the door for states to offer online gaming to their citizens. State lotteries and Indian gaming organizations have been among the strongest opponents of Barton's bill, arguing online gambling should be regulated by the states, not the federal government.

Support for legalizing online gambling has gained momentum thanks to the grassroots campaign, along with lobbying from gaming giants Casear's and MGM. The current budgetary crunch has lead lawmakers to view online gaming as a potential new source of revenue that could bring billions back to the U.S. from offshore sites. Senate Majority Leader Harry Reid, D-Nev., is considered a strong proponent of the gaming industry and is reportedly working on legislation to legalize some forms of online wagering. Supporters expect the Senate to move quickly to approve any online gambling legislation that passes the House. But there has been no indication the issue will reach the House floor before this fall's election.

Thompson Wants Cyber Regs for Critical Infrastructure: Mississippi Democratic Rep. Bennie Thompson published an op-ed in Roll Call on Monday that pushes the House to adopt cybersecurity legislation that tracks closely with the comprehensive bill (S 2105) favored by Senate leadership and the White House. Thompson argues any cybersecurity legislation should address the threat to critical infrastructure and place the Department of Homeland Security in charge of protecting federal civilian and private sector networks. He also rejects the suggestion that the Pentagon or National Security Agency should take the lead in cybersecurity, a proposal favored by many Republicans.

Thompson's position echoes that of Senate Democrats, who have held firm that any cybersecurity legislation must include baseline security standards for critical infrastructure providers. The measures championed by House leadership are much more focused on information sharing, with many in the House GOP adamantly against any new security regulations. However, a bill from House Homeland Security cybersecurity subcommittee Chairman Dan Lungren, R-Calif., is expected to include at least voluntary standards for critical infrastructure providers.