A controversial amendment to an already controversial cybersecurity bill, which would have expanded an archaic 1986 anti-hacking law, isn’t going to get a vote in the U.S. Senate. And Sen. Sheldon Whitehouse (D-R.I.), who proposed the measure, is frustrated.
Whitehouse headed to the Senate floor on Wednesday to point out that his amendment to the Cybersecurity Information Sharing Act (CISA) is bipartisan and supported by the Justice Department. After explaining what it would do, he wondered if there were “some hidden pro-botnet, pro-foreign cybercriminal caucus here that won’t let a bill like mine get a vote.”
Whitehouse’s amendment includes a section on stopping “botnets,” or networks of computers that have been taken over and used to send spam, viruses or distributed denial-of-service attacks to other computers. Botnets have been used by individual hackers, hacker collectives like Anonymous and organized crime networks around the world to knock websites offline, distribute massive amounts of spam or conduct phishing scams.
If you’re not against botnets, perhaps you must be for them?
The Center for Democracy and Technology and a host of other civil liberties activists, privacy advocates and security experts actually oppose the amendment for reasons that have nothing to do with protecting spammers. They explained in a letter on Tuesday. (CFAA is the Computer Fraud and Abuse Act, the 1986 law that so clearly needs updating.)
First, the amendment would expand the existing prohibition in the CFAA against selling passwords to any “means of access” without clarifying how the law applies to legitimate computer security research, such as paid researchers who identify and disclose software vulnerabilities. Second, the amendment includes a requirement that empowers government to obtain injunctions that can force companies to hack computer users for a wide range of activity unrelated to botnets, though the provision is ostensibly directed at stopping botnets. Third, the amendment would create a broad new criminal violation for damaging critical infrastructure, which is already illegal under the CFAA.
And as Politico Pro’s David Perera noted, a secret caucus of senators who support networks of zombie computers wasn’t the problem.
Instead, what apparently led to the amendment fizzling was the Senate parliamentarian designating the amendment as “non-germane” and Sen. Ron Wyden (D-Ore.) highlighting the amendment in his overall opposition to CISA.
Whitehouse’s amendment is the least of CISA’s difficulties. Access Now and other civil society organizations launched a campaign at StopCyberSpying.com on Wednesday to try to mobilize the public against the legislation, in much the same way that citizens were encouraged to contact Congress to oppose the Stop Online Piracy Act and the PROTECT-IP Act in 2012. (Neither bill passed.)
Whether the Web can change Washington again remains to be seen.
Editor’s note: Verizon, which owns The Huffington Post, supports CISA.
— This feed and its contents are the property of The Huffington Post, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.