On Tuesday, the Texas House added three amendments to the CISPA-like bill flying through the Legislature. Clearly, all the attention now directed at this terrible bill is spurring action by state lawmakers. But the amendments completely fail to address the bill’s serious privacy violations and some make the bill even worse.
This amendment changes the target of government seizures from “an electronic communications service” to a “remote computing service”. All this does is make it more clear that websites not based in Texas are going to be forced to comply with this bill.
The amendment also appears to remove the limit on how far back the state could seize personal records. The bill previously only applied to electronic communication that was less than 180 days old (so it prevented really old fishing expeditions). Under this version of the bill, it appears the government could seize years - or even the totality - of a person’s online communication. This is a terrible change.
The amendment also made an important change by removing the ability of a “Designated law enforcement office or agency” to collect the data, leaving it to authorized peace officers. But this doesn’t improve the bill very much - authorized peace officers are state agents who also should not be empowered with these broad abilities to seize private communications. It removes the ability for some political hack in a specific office or agency to file a request for electronic information - which is a good thing - but doesn’t address the glaring privacy violations in this bill.
The Texas CISPA bill, approved unanimously by the House last week, may be passed by the Legislature within 24 hours. It has been scheduled for a vote on Monday.
The bill, now slightly altered SB 1052 in the Senate, does the following:
- Requires any Internet provider that serves Texans to hand over private communication and files.
- Sets no standard for warrants for such seizures, enabling arbitrary violations of Texans’ privacy.
- Forces Internet providers to respond within 15-30 days (and sometimes 4-30), giving them almost no time to protect information not targeted.
- Makes it a crime for an officer, director or owner of a company to not comply with the request within the 15-30 day window.
- Opens the door to politically-motivated seizures of online communication.
Justice Department agreed to issue ‘2511 letters’ immunizing AT&T and other companies participating in a cybersecurity program from criminal prosecution under the Wiretap Act, according to new documents obtained by the Electronic Privacy Information Center. Read this article by Declan McCullagh on CNET News.
Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws.
The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors’ Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.
“The Justice Department is helping private companies evade federal wiretap laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. “Alarm bells should be going off.”
Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.
Another day, another House Intelligence Committee session held in secret, under the rather convenient excuse that “classified information” might be revealed.
As was the case last year when members of the committee amended the Cyber Intelligence Sharing and Protection Act (CISPA) the first time around — the bill, dubbed a “privacy killer” by online activists and privacy groups, will once again be amended in a veil of secrecy.
According to the committee’s spokesperson, Susan Phalen, (via The Hill), these secret hearings are not uncommon and “sometimes they’ll need to bounce into classified information and go closed for a period of time to talk.”
She said that in order to keep the flow of the mark-up — where rewrites to proposed legislation are made — the committee cannot suddenly stop, order every person and member of the media out of the chamber, only to be brought back in later once the discussions are back on unclassified territory.