news analysis Politicians behind a surveillance bill that would let Internet companies open their networks to the U.S. government briefly found a new friend this week: a non-profit group known for its privacy advocacy.
Until yesterday, opposition to the CISPA legislation appeared to be growing, with Republican presidential candidate Ron Paul and House Democrats raising new concerns. A petition opposing the bill, also known as the Cyber Intelligence Sharing and Protection Act, had garnered nearly 800,000 signatures.
Then the Center for Democracy and Technology, a well-known advocacy group based in Washington, D.C., defected from the expanding anti-CISPA coalition. In a statement yesterday, CDT announced that "we will not oppose" the bill going to the floor for a vote.
CDT's timing could not have been more auspicious for the backers of the controversial cybersecurity bill, who have been trying to solidify support before a House floor debate that begins tomorrow.
The bill's authors seized on CDT's statement to argue that the anti-CISPA coalition was fragmenting, with an aide to House Intelligence Committee Chairman Mike Rogers (R-Mich.) sending reporters e-mail this morning, recalled a few minutes later, proclaiming: "CDT Drops Opposition to CISPA as Bill Moves to House Floor." And the Information Technology Industry Council, which is unabashedly pro-CISPA, said it "applauds" the "agreement between CISPA sponsors and CDT."
CDT is "no longer opposing it in the House, and that's an important step for us," Rogers said on a conference call with reporters yesterday. Speaking more generally about civil liberties groups, Rogers said: "They're not completely there, but they do like our language. That's a big gain for us."
That placed the remaining coalition members in the unenviable position of trying to convince congressional staff that CISPA remained so objectionable that their bosses should vote against it.
Why CISPA is coming under fire
What sparked the recent privacy outcry over CISPA -- including a petition signed by nearly 800,000 Internet users -- are portions of the law that would allow Internet companies to open their networks and confidential customer data to the feds for cybersecurity purposes.
One section of CISPA says that "notwithstanding any other provision of law," companies may share information with Homeland Security, the IRS, or the National Security Agency. By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more.
It's so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may "have unforeseen consequences for both existing and future laws." Not one of the amendments cleared by the House Rules committee this evening would change this language.
"We disagree with CDT," Michelle Richardson, legislative counsel with the ACLU, told CNET early today. "It's still a bill about the government warrantlessly getting our Internet records. At the end of the day, it's about whether the NSA is going to get my Internet records."
"The civil liberties community hasn't changed its position on this," Electronic Frontier Foundation activism director Rainey Reitman said. "It's unfortunate when lawmakers don't differentiate between the different types of groups out there."
CDT appears to have inked a deal with the House Intelligence committee not to criticize CISPA -- in exchange for a commitment from Rogers to offer amendments that, while improving the bill, would not go nearly as far as the ACLU and other coalition members wanted. (The existence of this deal was confirmed by a House aide.)
The Constitution Project told CNET today that it had been offered that deal by the House Intelligence committee as well. In exchange for advancing those amendments, Larry Akey, the project's director of communications said, "the committee asked that we hold off on active opposition to the bill."
For its part, CDT said this morning that it's "on record as opposing CISPA" and that amendments are "critical to protect civil liberties." Even its critics often acknowledge it's useful to have a spectrum of organizations involved in negotiations; congressional offices may be more likely to return calls to CDT than the ACLU. And, tactically speaking, if Rogers had enough votes to get CISPA enacted -- still an open question -- it's better to have the amendments drafted and available than not to have them at all.
Jim Harper, director of information policy studies at the Cato Institute, a libertarian think tank that has criticized CISPA, added: "A lot of people in Washington, D.C. think that working with CDT means working for good values like privacy. But CDT's number one goal is having a seat at the table. And CDT will negotiate away privacy toward that end."
By this afternoon, however, something unexpected had happened: the White House issued a formal veto threat. Its statement opposing CISPA said the measure "departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres" (the Obama administration has backed a competing proposal of its own).
For civil liberties groups, this was a welcome gift. But for CDT, the announcement posed a problem. The Obama administration was not consistently pro-privacy; it had endorsed warrantless GPS tracking before the U.S. Supreme Court, and is poised to do so again in litigation over warrantless cell phone tracking. A piece from Salon.com columnist Glenn Greenwald last year was titled, "The Obama administration's war on privacy."
In other words, a not-exactly-pro-privacy administration was willing to label CISPA as unacceptable, but CDT was left muzzled because of its deal with House Intelligence. The group was left in an near-untenable position.
And so, around 6 p.m. PT today, CDT Vice President Jim Dempsey sent CNET a statement saying his group was again altering its position on CISPA. Dempsey effectively blamed House Intelligence for not honoring its end of the deal:
In issuing a rule [PDF] excluding amendments on two of the major privacy and civil liberties issues remaining in CISPA -- the flow of information to the National Security Agency and the authority to use information for non-cybersecurty purposes - the House leadership has squandered an opportunity to achieve balanced cyber security legislation...
We worked very hard to improve this bill. Now that the House leadership has decided to block amendments addressing two of our core issues, CDT cannot stand silent. We must oppose CISPA.
This episode will likely solidify CDT's reputation in Washington as an unusual breed of advocacy group: one that is viewed as a civil liberties organization, even though nearly half of its revenue (PDF) comes from companies in the technology, telecommunications, and data broker industries.
CDT frequently adopts positions that tend to benefit its funders. It sued Utah and Pennsylvania to overturn pornography laws opposed by Internet providers. The group has also backed concepts like P3P, a self-regulatory approach that Web companies used to avoid new privacy laws but was opposed by nonprofit privacy organizations that do not rely on corporate funding.
The Justice Department once argued in court documents that technology corporations "funneled money through" CDT to fund litigation. In another sign of close ties with the industry, Alan Davidson, CDT's associate director, was hired by Google to run its Washington lobby office (he left last fall.)
How this week's deal was made, and then quickly unraveled, echoes a longer-lasting deal that CDT founder Jerry Berman orchestrated when he was policy director at the Electronic Frontier Foundation nearly two decades ago.
When the FBI was pressing for the Communications Assistance for Law Enforcement Act (CALEA) in 1994, most privacy groups, such as the ACLU and the Electronic Privacy Information Center, remained steadfastly opposed to the measure. CALEA required telecommunications companies to design their networks to be explicitly wiretap-friendly.
Berman, a longtime Washington hand, eventually let EFF endorse what he described as a compromise proposal that was more privacy-sensitive. A number of procedural safeguards were added that seek to minimize the threats to privacy, security and innovation, Berman told a House panel in September 1994.
EFF's position -- which supported reimbursing companies for wiretapping compliance -- also happened to coincide with the interests of some of the telecommunications giants that provided it with cash. AT&T, Bell Atlantic, Apple Computer, and Microsoft gave EFF a combined $235,000 in 1993.
With EFF's cautious endorsement, CALEA easily cleared both houses of Congress, and President Clinton signed it in October 2004. After a chastened EFF board ousted Berman soon afterwards, he created what became CDT and brought with him like-minded staffers, corporate dollars, and a penchant for compromise and deal making.
That practice continues today. Earlier this month, CDT welcomed the launch of a Center for Copyright Information, which will administer a "six-strikes" graduated response system to slice off the Internet connections of suspected copyright infringers.
CDT's statement applauded Berman, who was appointed to the center's advisory board, as an "early visionary" and concluded that the center had "made a real effort to get balance, diversity, and issue-specific expertise."
EFF's response was the opposite. It savaged the idea, saying it's time to "press the reset button." It then pointed its members to a campaign designed to pressure Internet providers to drop out of the entire program.
Christopher Soghoian, a Washington, D.C.-based fellow at the George Soros-funded Open Society Foundations and sometime critic of CDT, says the group's CISPA flip-flopping has increased the odds that the bill will become law.
"Unfortunately, CDT's day-long support of CISPA will probably give those pushing this bill enough political cover to vote for it while claiming that the privacy issues have been addressed," Soghoian said. "The damage is done."