In the face of a remarkably successful public outcry, the House Republican leadership moved up the vote on the Cyber Intelligence Sharing and Protection Act (CISPA) by a full day and amended it to make it even more awful. While obviously not a good thing, I see a lot of positive signs for the future fight.
Why? Because CISPA backers faced serious signs of opposition — enough so that they moved up the vote to avoid further R defections. By the end of yesterday, the number of Rs committed to opposition had grown from 2 (Barton and Paul) to 28. That sounds small, but the trend was rapidly accelerating in the wake of the Tea Party uprising on this. Meanwhile, the White House veto threat combined with the civil liberties outcry from the left help shore up Democratic resistance. While it did not prove sufficient to prevail in this round, it will prove extremely important as we roll on to the Senate.
In many ways, the situation here reminds me of when Congress considered the Communications Opportunity Enhancement Act of 2006 (COPE). Among other things, COPE would have prohibited the FCC from adopting significant Net Neutrality rules (which everyone at the time actually assumed the FCC had the authority to do, so opponents wanted legislation to limit that authority). Almost exactly six years ago, we suffered a similar defeat in the House. Then, as now, I saw good reasons for optimism that we will ultimately prevail. In fact, our situation then was much weaker than the situation now.
I explore some of the reasons to believe that we can continue to ramp up the fight against CISPA in the Senate and ultimately prevent passage of either CISPA or its equally- nasty-but-for-different-reasons Senate version, the Cybersecurity Act of 2012. (While I appreciate the White House veto threat, I prefer not to rely on it.). But before I dig into any detail, let me repeat what I said 6 years ago when COPE passed out of Committee despite the effort of grassroots activists on the left and right to stop it:
There’s a lesson here . . . . YOU CAN’T OUTSOURCE CITIZENSHIP. You can’t let “the tech companies” or even “the consumer advocates” or anyone speak for you. Citizenship carries responsibilities that go beyond the ritual of voting every two years. But when citizens wake up and speak up, and speak to each other, they find — to their surprise — they are strong. They find they have power. And they find that being a citizen may take hard work, but it is so, so, SO much better and more satisfying than being a couch potato. As the great Jewish sage Hillel said: “If I am not for myself, who will be for me? If I am only for myself, who am I? If not me then who? If not now, when?”
More on the current situation below . . . .
Why The Senate and House Cybersecurity Bills Suck In Different Ways.
To review quickly, we have two approaches to Cybersecurity, one in the Senate, one in the House. In the Senate, the focus is oriented on Homeland Security and treats Internet connectivity as a “critical infrastructure.” The central idea is to put the Secretary of Homeland Security in charge of protecting us from Cyberterrorists and state sponsored cyber-attacks by giving the Secretary of Homeland Security virtually unlimited authority to designate things “critical infrastructure” and then give DHS authority to assess the risk and create regulations on what critical infrastructure providers need to do to contain that risk.
All of which sounds reasonable until you actually work with DHS on these issues. After about 10 minutes, you discover that they regard everything as “critical infrastructure,” even the publicly available information like the location of cable head-ends. They do not give a rats ass about the practicalities of the approach, the burden their approach imposes on others, and the cost to everyone else. They are quite capable of rendering the Internet 99% useless in order to protect it from attack. This is compounded, however, by an unwillingness to spend money out of their own budget and an ability to miss the occasional glaringly obvious security problem. If you want your online experience to resemble your Airport security check, you will love the Senate Cybersecurity Act of 2012.
CISPA is the House “free market” version and is (especially after amendment last night) much more about the government enlisting companies to spy on U.S. citizens for them. It allows the Director of National Intelligence (“Your One Stop Shop For Domestic and Foreign Spying”) to certify any business the DNI thinks should get intelligence on potential cybersecurity threats. Certified entities are encouraged to share any info they think is important to protecting ourselves and each other from cybersecurity threats (and, after last night’s amendment, for any “cybersecurity crime,” or to “protect any adult or any child”) by being given all kinds of immunity for sharing.
As I wrote back in 2006 in an essay called “Outsourcing Big Brother,” companies have lots of reasons to want to keep government happy and will therefore, by and large, provide government agencies with whatever information they ask for unless the law prevents them from doing so. Indeed, as we saw following 9/11 when the phone companies agreed to work with NSA and law enforcement agencies to assist them generally monitoring our private phone conversations without a warrant, it is hard for companies to resist requests from government agencies even when the law prohibits it. When the government can add the carrot of immunity to the implied stick of government disfavor, no one’s privacy is safe.
A Harder Fight Than SOPA.
In many ways, the fight to defend Internet freedom from CISPA is harder than the fight against SOPA. For a start, SOPA had support from Hollywood, the music industry, and no one else. Indeed, the Cybersecurity Community were unanimously opposed to SOPA because it backed security holes into the structure of the Internet. By contrast, CISPA and the Senate Cybersecurity Act have support from a number of folks in the cybersecurity community. A number of tech companies that opposed SOPA support CISPA. True, many of them do so because they prefer CISPA’s carrot-and-stick approach rather than the Senate “stick only” approach. But even so, we are not going to see any Wikipedia blackouts to raise public awareness. Finally, while most members of the public recognized the Hollywood claims about SOPA and how harmless it would be and how much we need it were self-serving bullcrap, most people have genuine and legitimate concerns about Cybersecurity.
All of this made organizing resistance against CISPA harder. Curiously, however, that is also why the current pressure campaign appears to me very likely to succeed. Having grown this fast and accomplished this much in so short a time, I see a definite path to victory. Not an easy path to be certain, but a clear path moving forward.
Some Very Positive Signs.
Here are the strengths to consider:
The Left/Right Coalition Against SOPA Was Neither Astroturf Nor a Fluke. As Rep. Ron Paul (R-TX) observed after the SOPA defeat, “freedom and the Constitution bring factions together.” Not that groups like Tea Party Express and Moveon.org are actually working together, mind you, so this is perhaps less like a coalition and more like a loosely coordinated assault to beat back a common threat. But whatever you want to call it, the same combination of progressive Netroots and conservative Tea Party activists is proving fairly effective and pressuring members of Congress to take a harder look at the legislation rather than simply trust the leadership and the slogans that this is about protecting national security and deregulating the private sector.
In addition, to proving effective here, it will serve as a further wake up call for those who continue to insist that the popular uprising against SOPA was purely astroturf orchestrated by Google (and Wikipedia) and that if you cut a deal with the tech companies you solve the problem. Turns out, not so much. Real people do care about these issues, and the Internet (at least for the moment) has dramatically enhanced the ability of people to track policy issues such as these, and significantly enhanced their ability to engage directly with their members of Congress. Even when the mainstream media fail to cover the story, the combination of “inside the beltway” advocacy groups and “outside the beltway” organizers makes civic engagement possible in ways that previously took much greater effort and resources.
House Leadership Had To Rush The Vote. The fact that House Leadership moved up the vote by a full day demonstrates just how effective the citizen uprising against CISPA proved to be, despite the support of tech companies that supposedly ran the show against SOPA. Republicans found themselves rapidly losing support. Meanwhile, the White House veto threat helped to persuade a number of Democrats, including some who had previously co-sponsored CISPA, against the bill. If we had another day, opponents might well have managed to strip away enough support to deny passage or find ways to delay the vote until after the weekend — when citizens would have mobbed members in their districts to voice their displeasure with the bill.
Why does it matter, given that the bill passed? Because the Senate version is substantially different. Unless the Senate gives up on its version and passes a measure identical to the House, the Senate and House versions will require reconciliation in Committee and a new vote on whatever hybrid version passes. That means that we have the opportunity to fight in the Senate and a second opportunity to detach supporters in the House. While House Leadership won a victory for CISPA, they have not yet won the war — and the way they won the victory highlights their growing vulnerability.
The White House Veto Threat. There are several elements to this, regardless of whether you believe Obama will ultimately carry out this threat of CISPA passes. First, it provides a powerful weapon for organizing Dems in Congress. Second, it indicates that the faction within the White House that cares about civil liberties and privacy is –at least for the moment — in ascension. When evaluating the actions of the White House, it is important to remember that while the President sits at the center and sets the general tone and course of action, he relies heavily on advisers charged with protecting different pieces of the President’s overall agenda. Something like CISPA works against several presidential priorities, which include a general pro-privacy agenda and an Internet freedom agenda. Those within the Administration who care about these things push back against the cybersecurity people who want a cybersecurity bill, even if CISPA is not their first choice. The best any president can do is give general directions and priorities and make an ultimate decision on the big call. Details have to be left to the advisers. So if the pro-privacy pro-internet freedom agenda faction is in ascendance, even if that is in part because some of the Cybersecurity faction want to push the Senate Bill rather than CISPA, that’s a good sign.
Keep in mind that the White House does not make veto threats idly, because they lock the White House into specific positions and can exact a significant cost. So getting a CISPA veto threat, especially at this early stage, is a strong sign and invests the White House in seeing CISPA defeated or substantially modified.
Path To Victory.
The path to victory lies in keeping the pressure on, including the push in the House to detach supporters for when the bill comes back again from Conference (if it gets that far). Meanwhile, it is important to secure champions in the Senate and to push for as many public commitments as possible against either bill.
The chief danger lies in the Senate Cosponsors being willing to accept CISPA as an alternative in order to get something passed. Since the Senate Cybersecurity Act of 2012 has already been reported out of Committee, this would take an amendment on the floor. As a secondary goal, it is worth pressuring Senators to commit to an anti-CISPA position even if they are generally supportive of the existing Senate version. There is no reason why supporters of the current Senate version should view CISPA as a superior alternative, and every reason to view it as worse than nothing (especially in light of the expansive amendment adopted last night).
I do not mean, by any stretch of the imagination, to suggest this will be easy. To the contrary, with the tech companies pushing the
Senate to adopt CISPA as an alternative to the Senate Cybersecurity Act, the danger that CISPA will pass remains very real.
But at the same time, we have enormous reason to believe we can win this fight. Let me close as I closed exactly 6 years ago today, April 27, 2006, right after we lost the Committee fight on COPE.
When Ben Franklin left the Constitutional Convention someone shouted to him from the crowd “Mr. Franklin, what have you given us?” He answered “A republic — IF YOU CAN KEEP IT.” The Sausage Factory of democracy is a messy business, but it’s worth it. We can either let other folks make the sausage and eat whatever shit they put in, or we can wade in and make sure it comes out alright. We lost today’s battle. But we are turning the tide in the war. And if we keep growing and going like we have in the last week, we will win.
Stay tuned . . .