A point-by-point examination of whether changes to the CISPA legislation successfully address its flaws.
Yesterday I wrote a piece detailing a range of issues with the Cyber Intelligence Sharing and Protection Act that is scheduled to go before Congress for a vote this Friday. By the time that piece would have run, it was already outdated: Last minute opposition from privacy and civil liberties advocates including the Electronic Frontier Foundation, The American Civil Liberties Union, and the Center for Democracy and Technology have convinced the bill's authors to support a set of amendments at the 11th hour intended to address some of the most problematic aspects of the bill. Below is a discussion of some of the issues I (and others) had with the original version and how the new amendments address (or fail to address) these issues.
The goal of CISPA (full text), ostensibly, is "to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence." CISPA is written on the reasonable assumption that cyber threats with national security significance could target a range of privately held networks or infrastructure and that in such an event it would behoove us all to have open lines of communication. Prior to the recent amendments, CISPA went far beyond merely streamlining information sharing, to threaten individual civil liberty, and would have potentially introduced a back-door intellectual-property-enforcement regime. For example, The Electronic Frontier Foundation concluded that the original draft of the bill could be used against WikiLeaks and Pirate Bay.