U.S. House of Representatives

The good news for foes of a controversial surveillance bill is that House of Representatives members have proposed 44 amendments in advance of a vote later this week.

The bad news is that yesterday's flood of amendments won't do much to address the major criticisms of CISPA, also known as the Cyber Intelligence Sharing and Protection Act.

"A lot of them aren't substantive," Michelle Richardson, legislative counsel for the ACLU, told CNET. "They just put the veneer of privacy protections on the bill, and will garner more support for the bill even without making substantial changes."

One, offered by onetime civil rights activist Rep. John Lewis (D-Ga.), would prohibit monitoring of protestors, but not other Americans. Another, from Rep. Janice Hahn (D-Calif.), says Homeland Security should destroy personally identifiable data after a year has elapsed -- but it does not restrict the collection of sensitive information in the first place.

A third amendment (PDF), offered by Rep. Sheila Jackson Lee (D-Tex.), proposes that Homeland Security should reach out to "minority and women owned business enterprises." The department is also encouraged to aid "socially disadvantaged individuals," defined as someone who has been subjected to "cultural bias" or is "unable to compete in the free enterprise system" because of his or her gender.

A fourth amendment, also from Jackson Lee, would extend CISPA by allowing Homeland Security to "intercept" and "use" data that transits federally-controlled networks. The Competitive Enterprise Institute, a libertarian-leaning think tank, told CNET that this proposal could allow the department to monitor the communications of the federal courts and Congress and intercept tax returns sent to the IRS.

U.S. House of Representatives

What sparked the recent privacy outcry over CISPA -- including a petition signed by nearly 800,000 Internet users -- are portions of the law that would allow Internet companies to open their networks and customer databases to the Feds for cybersecurity purposes.

Probably the most controversial section of CISPA says that "notwithstanding any other provision of law," companies may share information with Homeland Security, the IRS, or the National Security Agency. By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more. (It's so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may "have unforeseen consequences for both existing and future laws.")

But not one of the 44 amendments that were submitted to the House Rules Committee yesterday afternoon amends CISPA by removing the "notwithstanding" wording.

Lee Tien, an attorney at the Electronic Frontier Foundation, said he's had some conversations with House legislative aides about that portion of CISPA. "No one seemed to want to touch the 'notwithstanding' clause," Tien said.

During a CISPA town hall held at CNET's San Francisco headquarters last week, a House Intelligence aide said that it was necessary to use the wildcard approach -- that is, elevating this measure over all other laws -- because it would be too difficult to write in individual exemptions such as one saying the antitrust laws don't apply.

To be sure, there are amendments that are likely to find at least some support among the anti-CISPA coalition, which has grown to include the ACLU, EFF, TechFreedom, the Republican Liberty Caucus, Fight for the Future, and Demand Progress.

CISPA Amendment #15 Homeland Security would have to provide "assistance" to businesses run by "socially disadvantaged individuals." That class of people is defined as: "(1) an individual who has been subject to racial or ethnic prejudice or cultural bias because of the identity of such individual as a member of a group without regard to the individual qualities of such individual; (2) an economically disadvantaged individual; (3) or an individual who, because of the gender of such individual, is unable to compete in the free enterprise system and has been impaired due to diminished capital and credit opportunities as compared to others in the same business area who are not socially disadvantaged."

"What we've tried to do is both require reasonable efforts to be made to restrict personally information that can be provided and shared and also restrict the government's use of the information it receives," Rep. Adam Schiff (D-Calif.), a member of the House Intelligence Committee, told CNET.

A position paper on CISPA from House Intelligence Committee Chairman Mike Rogers (R-Mich.) said the bill is necessary to deal with threats from China and Russia, and that it "protects privacy by prohibiting the government from requiring private sector entities to provide information." (See related CNET article about yesterday's hearing about "cyberattacks.")

When asked why he didn't try to block CISPA instead of trying to fix it, Schiff replied, referring to the cyberattack threat: "We have to do something about it. No legislation is simply not an option. It has to be addressed. I happen to think that we can meet all of our national security and cyber-protection goals at the same time as we protect our privacy."

Schiff's proposed amendment (PDF) to CISPA says that Homeland Security must adopt policies that "minimize the impact on privacy and civil liberties." It also says that the government may use information turned over by companies only to protect a "network from cybersecurity threats" (instead of unrelated law enforcement purposes such as IRS audits).

Reps. Rogers and Dutch Ruppersberger (D-Md.) have been making modest changes to CISPA, including as recently as yesterday, but have not touched the "notwithstanding" language.

A coalition of conservative and libertarian organizations, including Americnas for Limited Government and Dick Armey's FreedomWorks, sent a letter last week to Congress outlining seven problems with CISPA. The amendments announced yesterday appear to address four of their seven concerns.

The 44 amendments will be discussed during a House floor debate on CISPA that's scheduled to begin on Thursday, with a final vote scheduled on Friday.

CISPA foes have been scrambling to rally opposition in the week leading up to the vote, with Republican presidential candidate Ron Paul on Monday likening the measure to "Big Brother writ large"; 18 House Democrats expressing privacy concerns (PDF); and veteran Internet engineers saying CISPA and a similar Senate bill "allow entities who participate in relaying or receiving Internet traffic to freely monitor and redistribute those network communications." But Internet companies, including Facebook, have generally been enthusiastic about CISPA.

"A lot of the amendments aren't objectionable," says the ACLU's Richardson. "When you add them up, you're not substantially protecting Americans' Internet communications and Internet use history and things like that. At the end of the day, you're just not."