20 May 2013
Texas votes on its own CISPA-like cyber bill
The biggest thing to come out of Texas may turn out to be a blow to Internet freedoms: legislators there are considering a bill that would compromise privacy on the Web for all residents of the Lone Star State.
Lawmakers in the State Senate are expected to vote Monday on a bill that, if passed, would compel Internet Service Providers (ISPs) anywhere in the world to fork over private Web records if that information could aid in a criminal investigation.
Federal legislation already in place would likely trump any attempts from Texas prosecutors to pry personal ISP records or other online communications from the likes of social networking sites, but the efforts on behalf of Lone Star lawmakers to get the ball rolling on a new cyber-spy bill are indeed very real. Last week, its companion bill in the State House of Representatives passed unanimously, and similar outcome in the Senate is all now expected any moment. Now should SB 1052 proves victorious in the Senate, an Internet surveillance bill written in Texas but with international implications could be added to the law books later this year.
Ben Sherman of the Burnt Orange Report cautioned in a blog post last week that the bill could be very dangerous to all Americans if passed because it would let local authorities seize electronic records held on servers outside of Texas.
“The bill requires any Internet provider to people in Texas (that is - just about the entire Internet) to respond to search warrants for online communications in 4-30 days. That is an extremely narrow window which makes it difficult for Internet providers to keep users' other information private,” he wrote.
Following the failed attempts to pass cybersecurity bills on a national level, as seen most recently in the stalled Cyber Intelligence Sharing and Protection Act (CISPA), a number of state and local governments have considered bills that would bring the tools asked for in aborted federal acts into the hands of prosecutors in Texas.
Whereas CISPA sought to find a way to ease the sharing of potentially dangerous information between third-party businesses and the federal government, the efforts coming out of Texas would ensure that ISPs and any other businesses that operate over the Web would have to relinquish user data if a police officer argues there is probable cause it is pursuant to an investigation.
“Internet communications companies often hold information and data vital to prosecute an offense under state law, particularly relating to Internet crimes. Although the certain electronic communications may take place within a state, law enforcement officers must apply for a local search warrant in an Internet company's jurisdiction, often found out of state,” wrote the bill’s author, Sen. John Carona (R-Dallas). “This limitation hampers law enforcement’s efforts to obtain evidence on Internet criminals, who are able to remove or change identifying data much faster than law enforcement can obtain warrants.”
Sherman, however, thinks the law could be used broadly to bring any sort of online evidence under the magnifying glass of prosecutors, causing a widespread fishing exhibition that will allow law enforcement to essentially request any sort of electronic communication of any business that operates online.
“The electronic communications at risk include all online communication - emails, Facebook messages, tweets and messages on private list servers,” wrote Sherman. “Additionally, the bar is set extremely low for police officers to prove that they may find something important in a person's online communications.”
Indeed, SB 1052 only asks that probable cause “must be supported by the oath or affirmation of the authorized peace officer.”
“That is almost not a standard at all,” insisted Sherman. “With a bar so low and a reach so broad, such legislation will lead to widespread abuse and exposure of private information, and enable politically motivated ‘investigations.’ This is government overreach and Texans of all political ideologies should oppose it. If this bill becomes law, any investigation that can be brought into the Texas jurisdiction would have all the tools of CISPA, in which any private online activity can be easily seized by the government, at its disposal. That is terrible news not only for Texans but for all Americans.”
“The bill,” acknowledged Sen. Carona, “reciprocates the electronic data search warrant process with other states already implementing similar statutes, which would allow Texas to serve data search warrants directly to out of state companies as well.”
Later in the text, the bill is described as extending “the jurisdiction of district judges by granting them privileges to issue data search warrants beyond the physical boundaries of the state for computer data searches only.”
The House version of the bill — nearly identical to Sen. Carona’s version — passed on May 7 with no opposition. Rep. John Frullo (R-Lubbock) co-authored that bill and told lawmakers in the capital that passing the bill would be instrumental in stopping predators who stalk children online.
"Under current law," Frullo said, "Texas judges' ability to order a search ends at the state line. In our technology-driven society, this limitation hampers law enforcement's efforts to go after the evidence needed to prosecute those who commit these horrible crimes and exploit our children."
“Predators are hurting, exploiting and assaulting our children through the use of the internet. That needs to stop,” he said in a press release earlier this year. After this week’s vote, his colleagues in the Senate will decide if they are willing to join his side — and at what cost to privacy.