During Google I/O 2013, Derek Slater, Jen Pahlka and others hosted a session titled “Beyond SOPA: What You Can Do To Influence Tech Policy:”

From SOPA/PIPA and CISPA, to immigration and patent reform, government is taking a renewed interest in the Internet and the businesses we’re building on it — in some cases, there is even a new focus on the use of technology which can solve government problems.

As a result, government is looking for input from our community of entrepreneurs and developers about what our needs are as a community, and how they can build better public policy in our interest.

So, what are the most efficient, easy ways for you to get involved? Join us for a panel of some leaders in the Internet advocacy space to learn how you, as a developer, can get more involved in creating better policies that can affect your business.

The House reaffirmed its hands-off approach in legislation it passed yesterday evening. The bill, H.R. 1580, is titled “To affirm the policy of the United States regarding Internet governance.” If you couldn’t tell from the title, it’s simply a resolution saying that the United States will continue supporting the multi-stakeholder approach in regards to Internet development.

It’s encouraging then that the bill was passed unanimously. Of course, no congressman would be caught dead voting against the bill as it would suggest that they were in favor of some rather unpopular suggestions made during a U.N. meeting on Internet governance late last year.

The bill’s sponsor, Greg Walden, praised the multi-stakeholder approach to the Internet on the House floor last night, and confirmed that the bill is meant to send a message to other governments:

“Government’s hands-off approach has enabled the Internet’s rapid growth and made it a powerful engine of social and economic freedom. This bipartisan bill is designed to combat recent efforts by some in the international community to regulate the Internet, which can jeopardize not only its vibrancy, but also the benefits that it brings to the entire world.”

Now, this is a good thing. It’s nice to see that at least the House is all for an Internet free from government control, but it’s unfortunate that the House sees a difference between control and intervention. SOPA, PIPA and CISPA wouldn’t hand over control of the Internet to the government, but it would give the government untold powers to intervene.

It’s much the same argument that countries like Saudi Arabia and China made during the ITU conference last year. They weren’t arguing that the Internet be placed entirely under their control. Instead, they argued that they should be given power over their corner of the Internet to intervene when things got out of control. Granted, CISPA and SOPA were never advocating something like the Great Firewall of China, but they could spiral into something similar if allowed to take effect.

In short, the Internet is a precious resource that has flourished thanks to the current multi-stakeholder model. It’s encouraging to see the U.S. government continue to recognize this, but it’s high time the U.S. government also recognizes that its attempts to regulate the Internet would violate the very legislation the House passed last night.

[h/t: The Hill]

In an official response to the “Stop CISPA” petition on the We The People Web site, the White House says that any new cybersecurity legislation “must not violate Americans’ right to privacy.” The administration says that’s the reason why it issued a veto threat against CISPA earlier this month. That veto threat may led to CISPA’s death, but the White House says it’s still open to working with everybody to pass cybersecurity legislation.

To that end, the White House says that cybersecurity legislation is a must to counter the “constant threat of cyber crime, espionage, and attacks.” The administration, unlike the House, does admit there are already tools in place, however, to facilitate cooperation between the government and private companies to share threat information. It just feels that the current tools in place aren’t enough:

But you might ask, “Isn’t this collaboration already happening?” The simple answer is yes, but inefficiently. When it comes to information sharing, we need clearer rules to promote collaboration and protect privacy. Right now, each company has to work out an individual arrangement with the government and other companies on what information to share about cyberthreats. This ambiguity can lead to harmful delays.

There is broad consensus on the need for more threat-related information sharing — including among the leading privacy advocates we regularly engage on the issue. The essential question on which people across the spectrum disagree isn’t if we can share cybersecurity information and preserve the principles of privacy and liberty that make the United States a free and open society — but how.

The White House has admirable goals, but we’ve heard all of this before from the House. We were promised that CISPA would respect privacy and civil liberties, but that obviously wasn’t the case in the end.

To allieve the concerns of citizens, the White House says that it will only support cybersecurity legislation that adheres to these three principles:

It’s important that any information shared under a new cybersecurity law must be limited to what’s relevant and necessary for cybersecurity purposes. That also means minimizing information that can be used to identify specific individuals. For example, if a utility company is looking for government assistance to respond to a cyber attack, it is unlikely that it needs to share the personal information of its customers, like contact information or energy-use history, with the government.

Cybersecurity legislation needs to preserve the traditional roles for civilian and intelligence agencies that we all understand. Specifically, if legislation authorizes new information sharing between the private sector and the government, then that new information should enter the government through a civilian department rather than an intelligence agency. That doesn’t mean breaking the existing mechanisms that already work. For example, victims of cyber crime ought to continue to report those violations to federal law enforcement agencies and public-private information-sharing relationships that already exist should be preserved.

Any new legislation ought to provide legal clarity for companies that follow the rules and appropriately share data with the government. But it should not provide broad immunity for businesses and organizations that act in ways likely to cause damage to third parties or result in the unwarranted disclosure of personal information.

In short, the above takes care of pretty much every complaint privacy advocates had with the original CISPA. The White House says it will continue to apply the above principles in its on-going discussions with those in the Senate currently crafting cybersecurity legislation.

CISPA may be dead, but the issue of cybersecurity is far from over. We’ll continue to follow the Senate’s efforts as it works on its own cybersecurity legislation.

Although CISPA as a whole saw bipartisan support, one last-minute amendement that looked to curtail a worrisome practice by employers was shot down on party lines.

Colorado Democrat Ed Perlmutter attempted to tack on a provision to CISPA that would make it illegal for employers to require prospective employees to hand over their social media passwords as a condition of acquiring or keeping a job.

Has an employer even demanded one of your social media passwords as a condition of being hired or keeping your job? What was your reaction? Let us know in the comments.

The proposal was voted down 224-189, with Republicans in the majority.

“People have an expectation of privacy when using social media like Facebook and Twitter. They have an expectation that their right to free speech and religion will be respected when they use social media outlets. No American should have to provide their confidential personal passwords as a condition of employment. Both users of social media and those who correspond share the expectation of privacy in their personal communications. Employers essentially can act as imposters and assume the identity of an employee and continually access, monitor and even manipulate an employee’s personal social activities and opinions. That’s simply a step too far,” said Perlmutter.

This isn’t the first time that Perlmutter has introduced this sort of legislation. Last year, the same employee password protection language was rejected in the House.

Last year, the practice of employers demanding the Facebook passwords of prospective employees became a hot topic. Both state legislatures and the U.S. Congress introduced measures to counteract the rising trend. One particular bill, the Password Protection Act of 2012, was introduced in both the House and the Senate, but went nowhere.

That bill was introduced by Democratic Senator Richard Blumenthal. Before the bill was presented, back in May of 2012, he, along with Senator Chuck Schumer (D-NY) sent a letter to both the Department of Justice and the U.S. Equal Employment Opportunity Commission asking them to “launch a federal investigation into a disturbing new trend.”

Soon after that letter was sent, a motion called “Mind Your Own Business on Passwords” failed in Congress. It would have made the employee password issue one monitored by the Federal Communication Commission. They would have had the right to declare the practice illegal.

So, the Password Protection Act of 2012 moved forward. The language made it a crime that any employer “for the purposes of employing, promoting, or terminating employment, compels or coerces any person to authorize access, such as by providing a password or similar information through which a computer may be accessed.”

But it died, and has been referred back to committee.

The Password Protection Act of 2012 isn’t the only federal bill proposed to deal with the issue. Say hello to SNOPA, or the Social Networking Online Protection Act. It aims to do what the PPA tried to do, but with even clearer languge:

To prohibit employers and certain other entities from requiring or requesting that employees and certain other individuals provide a user name, password, or other means for accessing a personal account on any social networking website.

It’s been introduced, and referred to committee. No movement yet.

On the flip side, some states have had success in passing bans on the practice. First, the state of Maryland enacted a law banning password snooping. And this year, laws in both California and Illinois went into effect.

“It’s not déjà vu — this is the same amendment I introduced twice last year, so people have had plenty of time to study and discuss it. It has bipartisan support. It wouldn’t kill the underlying cyber-security bill; it wouldn’t send it back to committee. It merely safeguards an individuals’ personal privacy as they use their own personal social media accounts,” said Perlmutter of his CISPA add-on.

It’s important to note that Perlmutter did in fact vote yes on CISPA.

But despite those claims, the provision was crushed. If the past year is any indication, password protection legislation must be tackled at the state level, as it’s the only place that its been able to see any sort of success.

Do you think that we need a federal law banning the practice of password snooping by employers? Do you think that it’s better left to the states? Or, do you see no reason for any such legislation on any level? Let us know in the comments.

US News reports that the Senate has decided not to take up CISPA. In short, CISPA is dead. The bill that would have given companies full legal immunity when sharing your personal information with the government will have its remains scattered on the winds of history yet again.

It seems that CISPA’s death can be largely attributed to two factors. For one, Sen. Jay Rockefeller, chairman of the Committee on Commerce, Science and Transportation, came out against CISPA saying it lacked privacy protections. Rockefeller holds considerable sway in the Senate, and his committee would have had a lot of say over CISPA. Secondly, President Obama’s veto threat most likely played a major role in the Senate’s rejection of CISPA.

We can relax now that CISPA is dead, right? Unfortunately, the answer is a little unclear at this point. An unnamed representative on Rockefeller’s committee says that “issues and key provisions” of CISPA will be divvied up and made into separate bills. In other words, CISPA will be broken up into smaller, separate bills in the Senate. The problem with this approach is that some of the less vile, but still damaging, provisions of CISPA can make it through as they won’t be attached to the really bad stuff.

Of course, there’s always the possibility that the Senate will craft a handful of bills that narrowly target the areas not covered by President Obama’s cybersecurity executive order without sacrificing civil liberties. It would certainly be nice, but the Senate’s past attempts at writing cybersecurity legislation certainly don’t inspire confidence.

Either way, we won’t be seeing any cybersecurity legislation out of the Senate for a while. The unnamed representative says the Senate currently has its hands full with a number of other bills that take priority over cybersecurity, including the controversial Marketplace Fairness Act.

Last week, Sen. Patrick Leahy said that the Senate Judiciary Committee would be marking up an update to the Electronic Communications Privacy Act. The decades old bill allows law enforcement to obtain emails without a warrant as long as said email is 180 days old.

The Hill reports that both the Senate and the House will be taking up their respective email privacy bills today. The Senate Judiciary Committee will be taking a look at Leahy’s bill – S. 607 – that simply requires the police to obtain a warrant when accessing any electronic communication, including email.

In the original announcement of the mark up, Leahy said that ECPA must be updated to counter concerns over the “growing and unwelcome intrusions into our private lives in cyberspace.” Those concerns certainly came to a head earlier this month when documents obtained by the ACLU revealed that the IRS told its agents that they could obtain emails without a warrant. The agency also said that “Internet users do not have a reasonable expectation of privacy.”

Since then, IRS Commissioner Steven Miller said that his agency always obtains a warrant before searching emails. Miller also said that his agency never snoops through email during civil investigations. It wasn’t exactly reassuring, but an updated ECPA would ensure that the IRS, or any government agency for that matter, would never be able to obtain emails without a warrant.

It should be noted that the House will be making a mockery of itself this week by discussing an update to the ECPA after passing CISPA. The House Judiciary Committee will be discussing whether or not the ECPA should be updated to require that law enforcement obtain a warrant before accessing geolocation data. The irony here is that CISPA, in its current form, would allow mobile carriers to share geolocation data with the government without a warrant. Even if the carrier was found in violation of an updated ECPA, it would enjoy full legal immunity under CISPA.

Even so, we’ll continue to follow both discussions and keep you up to date on any changes. The Senate seems to have made an updated ECPA a priority so we may see a final vote as early as next week. That is, of course, if the Senate doesn’t run into any problems with its current controversial bill – the Marketplace Fairness Act.

The popular technology subreddit, which has almost 3 million readers, has gone dark today in protest of CISPA. It’s not like the subreddit has become unavailable, but rather the entire page, except for the ad, is now encased in a darkness that makes reading the links rather uncomfortable on the eyes.

The link at the top of the subreddit redirects users to a post on the Stand subreddit with information on what CISPA means for everyday Internet users. It also contains links to helpful tools that allow users to encrypt not just their Internet connections, but everything on their computer.

Out of all the other tech-related subreddits, it seems that /r/technology is the only one to have gone dark today. There are probably some other smaller subreddits that have also gone dark, but few have the amount of subscribers that /r/technology enjoys. Unfortunately, those who frequent /r/technology are probably already well aware of CISPA. It would have been far more effective for Reddit’s front page to go dark while providing a link to Reddit co-founder Alexis Ohanian’s video calling for action against CISPA.

Still, it’s nice to see at least one mainstream site go dark today in protest of CISPA. Anonymous called for an Internet blackout, but only managed to sign up a little over 400 Web sites. The Web sites that had signed up were not very well known either thus limiting the spread of the message.

UPDATE: Since publishing this story, a number of other popular subreddits have also gone dark in protest of CISPA. Most of the subreddits, including /r/pics, /r/funny, /r/politics, and /r/askreddit include the same link to the post on /r/stand at the top.

One popular subreddit has done something different though. The much loved (or much hated) /r/atheism has a banner protesting CISPA (click to enlarge):

Likewise, CISPA gives the government and corporations the ability to share your private information without a warrant and without much oversight. The bill has been met with some resistance, but not enough. The House passed it with relative ease, and now the fight will go to the Senate. Now everybody’s favorite (or most hated) hacktivist group wants to send the Senate a message with a blackout of its own.

Last week, Anonymous announced that it was organizing a CISPA blackout similar to the SOPA blackout of early 2012. Anonymous had hoped to coerce a number of Web sites into going dark today, but it only managed to get a little over 400 volunteers.

Getting over 400 Web sites to go dark for a day is no small feat, but it just doesn’t compare to the thousands that went dark in protest of SOPA.

Of course, a CISPA blackout could be effectual if Web sites frequently visited by millions of Internet users went dark. Unfortunately, the heavy hitters behind the SOPA blackout (i.e. Google, Reddit, Wikipedia) are refusing to go dark today in protest of CISPA. There are probably a number of reasons for this, but we can only guess at a few of them.

For starters, CISPA isn’t an immediate threat to companies. SOPA would burden Web sites with the responsibility of policing their own content. CISPA encourages companies to share private customer data with the government while granting them complete immunity from legal recourse. CISPA may not present any immediate threat to Internet companies, but Rep. Jared Polis argued last week that it would cause some pretty serious damage all the same:

“[CISPA] directly hurts the confidence of Internet users. Internet users – if this were to become law – would be much more hesitant to provide their personal information – even if assured under the terms of use that it will be kept personal because the company would be completely indemnified if they ‘voluntarily’ gave it to the United States government.”

The other thing standing in the way of an organized CISPA blackout is the organizers themselves. Even among anti-CISPA Web sites like Mozilla, Reddit and others, Anonymous isn’t exactly well-liked. The group’s intentions may be pure this time around, but there’s an argument to be made that CISPA was crafted in response to attacks from Anonymous and other hacking groups.

Anonymous’ planned blackout isn’t a failure, but it isn’t much of a success either. That being said, it at least shows that large groups of people are in opposition to CISPA. It might not be opposed by the teenagers who use Wikipedia to write term papers, but those in the tech community are rightly concerned about the overly broad legislation. It’s unfortunate then that Congress seems to think that only 14-year-olds living in their basements are the only ones opposed to CISPA.

[h/t: RT]

To recap, CISPA is a proposed bill that aims to boost the government’s ability to respond to cyber threats and cyber attacks by sharing private customer information between itself and companies. Its opponents claim the bill is a massive invasion of privacy that serves no use in combatting cyberattacks, but rather will be used to spy on American citizens by granting immunity to those companies that share information.

With CISPA’s passage in the House, the EFF vows to take its fight to the Senate:

“This bill undermines the privacy of millions of Internet users,” said Rainey Reitman, EFF Activism Director. “Hundreds of thousands of Internet users opposed this bill, joining the White House and Internet security experts in voicing concerns about the civil liberties ramifications of CISPA. We’re committed to taking this fight to the Senate and fighting to ensure no law which would be so detrimental to online privacy is passed on our watch.”

If history repeats itself, the EFF won’t have much of a fight in the Senate. CISPA died in the Senate last year as its members argued over its own law – the Cybersecurity Act of 2012. It was a marked improvement over CISPA, but it did have its own issues. The bill died after it failed a Senate floor vote and CISPA was never taken up.

For this year, the Senate will be debating the Cybersecurity and American Cyber Competitiveness Act of 2013. Like CSA, it’s a bit better than CISPA, but its lack of bipartisan sponsorship doesn’t bode well. It also doesn’t help that the bill still hasn’t even been picked up by its respective committee yet.

So, what happens if CISPA somehow makes its way through the Senate? It has to get signed into law by the president, and his administration just recently threatened to veto CISPA if it makes it to his desk. The administration suggested a number of common sense additions to CISPA that would make it far more pro-privacy, but the House ignored those suggestions. Now its up to the Senate to decide if it will actually listen to the thousands of people who are against CISPA.

The Hill reports that the amendment we saw yesterday is entirely different from the amendment that actually wound up in the bill. The amendment has been stripped of its requirement that companies only share information with the DHS. With that requirement gone, the amendment is worthless. It’s only purpose now is to make it seem like CISPA actually respects your privacy.

Needless to say, pro-privacy groups are not happy. The EFF wrote a scathing review of the amendment last night:

The amendment in question does not strike or amend the part of CISPA that actually deals with data flowing from companies to other entities, including the federal government. The bill still says that: “Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes…share such cyber threat information with any other entity, including the Federal Government.” The liability immunity provisions also remain.

While this amendment does change a few things about how that information is treated within the government, it does not amend the primary sharing section of the bill and thus would not prevent companies from sharing data directly with military intelligence agencies like the National Security Agency if they so choose.

The amendment looks bad, and it will probably remain that way. That being said, there might be some changes made to it and the overall bill today before it heads to the floor for final vote. A House aide reportedly said that the sponsors of this latest amendment are in discussions to fix the language in it. If that was the case, why did they change the original text of the amendment that actually did some good? Are they just going to change the amendment back to what it was?

At this point, it’s hard to believe that we’ll actually see any positive changes in CISPA. After all, the bill’s sponsors believe that only 14-year-olds hate CISPA.