Beyond CISPA: The cybersecurity bills you need to worry about right now

The cybersecurity bills
With CISPA pushed to the back burner, the Senate is set to consider two alternative cybersecurity bills, both of which are far more expansive than CISPA — and each with many of the same problems, according to privacy advocates. Here is everything you need to know about the Cybersecurity Act of 2012 and the SECURE IT Act before they hit the Senate floor for a vote this month.

We’ve had a bit of a break from Congress’ cybersecurity legislative hoopla since the House passed the contentious Cyber Intelligence Sharing and Protection Act (CISPA) late last month. But with the Senate back from recess, the fight over Internet regulation is roarin’ and ready to roll.

Despite all the fears surrounding CISPA — a bill that would make it easier for the Federal government and businesses to share information (including users’ private communications) — the rumblings from Capitol Hill suggest that CISPA won’t even make it onto the Senate’s agenda, thanks to broad opposition from Senate Democrats and a veto threat from President Obama. (That’s right — you probably don’t have to worry about CISPA itself anymore, though that’s not saying much.) Instead, the Senate is expected to take up two alternative bills, the Cybersecurity Act of 2012 (CSA), and the SECURE IT Act, sometime this month.

Here is a (relatively) concise rundown of what these bills are, and why civil liberties advocates say they too threaten our individual privacy.

What is the Cybersecurity Act of 2012?

The Cybersecurity Act of 2012 (officially known as S. 2105, and often referred to in the press as the “Lieberman-Collins bill”) seeks to establish robust security standards to protect against “cyber threats,” with a particular emphasis on the protection of “critical infrastructure” networks in the U.S., such as electrical grids and air traffic control systems. Companies that operate such systems, assets, or networks would be required to prove to the government that they have certain safeguards in place to protect against cyberattacks.

Like CISPA, CSA also removes certain legal barriers to allow for greater information sharing between the government and the private sector. Finally, CSA establishes the Department of Homeland Security (DHS) as the Federal government’s lead agency for controlling the cybersecurity infrastructure.

Read the CRS summary of CSA here. Or read the full text here.

The CSA was introduced to the Senate on February 14 by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (I-CT), Ranking Member Susan Collins (R-ME), Commerce Committee Chairman Jay Rockefeller (D-WV), and Select Intelligence Committee Chairman Dianne Feinstein (D-CA). Only one other senator, Sen. Sheldon Whitehouse (D-RI), has co-sponsored the bill since its introduction, though it has explicit support from Senate Majority Leader Harry Reid (D-NV) and the Obama White House.

What is the SECURE IT Act?

Officially known as S. 2151 in the Senate, and H.R. 4263 in the House, SECURE IT is a direct response to CSA. Like CSA and CISPA, both the Senate and House versions of SECURE IT remove legal barriers to allow for greater sharing of information between the government and businesses. Unlike CSA, however, SECURE IT does not establish a governmental regulatory system to oversee cybersecurity threats or to make sure that security standards are in place for critical infrastructure. Instead, SECURE IT provides a number of incentives to companies that choose to share “cyber threat information” with the Federal government.

Furthermore, SECURE IT establishes criminal penalties for a wide range of cybercrimes, from “trafficking in passwords” to causing damage to critical infrastructure networks or systems.

SECURE IT was first introduced by Sen. John McCain (R-AZ), and has seven co-sponsors in the Senate, all top-ranking Republicans. In the House, SECURE IT was introduced by Rep. Mary Bono Mack (R-CA), and has one co-sponsor.

Read the full text of S. 2151 here, and the full text of H.R. 4263 here.

What is the difference between the Cybersecurity Act of 2012 and SECURE IT?

Two words: government regulation.

The fight over these two bills is classic Washington partisanship. The Democrat-backed CSA establishes a governmental regulatory apparatus that would put in place certain mandatory requirements that private companies (specifically those that deal with critical infrastructure) would have to meet. While some say that CSA doesn’t go far enough towards enforcing these standards, Republicans don’t like this “big government” approach to cybersecurity at all. SECURE IT’s chief sponsor, Sen. John McCain, has called CSA a “regulatory leviathan.” And critics in the private sector insist that CSA would put harmful burdens on businesses.

There are, however, quite a few key differences in the eyes of critics, which I’ll get into below.

What do civil liberty advocates have to say about these bills?

They are against both of them. (Surprise!) This week, more than two dozen groups signed on to two separate (but very similar) letters decrying CSA and SECURE IT. Their points of contention with these two bills often echo one another, but do differ to varying degrees. The letters are both worth reading in full (here, here), but here is a concise-as-possible list of their complaints:

Sharing personally identifiable information
CSA: Actually, CSA is better than either SECURE IT or CISPA on this point, as it requires that companies make every “reasonable” effort to strip shared data of personally identifiable information. However, the ACLU says that this still does not go far enough to protect private information.
SECURE IT: Critics say SECURE IT has no “meaningful requirements to ensure that private information is anonymized,” and would actually allow companies “to share the virtually limitless category of private information that ‘fosters situational awareness’” for U.S. security purposes.

Privacy law overrides
CSA: As with CISPA, CSA effectively overrides all other privacy laws to allow companies to share “communications and records” with the government, even if that information has nothing to do with cyber threats.
SECURE IT: SECURE IT does basically the same thing for privacy laws, and also overrides tort laws.

Sharing with the military
CSA: Under CSA, the Department of Homeland Security would establish which government agencies may access information shared under CSA. The legislation allows DHS to designate the National Security Agency (NSA), and other military agencies with little to no public oversight, as “exchanges” of this information — something civil liberties groups say is unacceptable. (This also remains a primary complaint against CISPA.)
SECURE IT: Not only does SECURE IT allow the NSA and other defense agencies to access private information shared under the legislation — it requires it. All information shared under SECURE IT must be immediately shared with the NSA and other military organizations, “thereby nullifying a company’s choice to share user or customer information with a civilian, rather than a military agency.”

Using data for other crimes
CSA: This is perhaps one of the most problematic parts of CSA. Information shared under the legislation may be used for any other criminal investigation — even those that have absolutely nothing to do with cybersecurity — as long as the information “appears to relate to a crime which has been, is being, or is about to be committed.” This, critics say, is a direct attack on the Fourth Amendment requirements for warrants and other privacy safeguards.
SECURE IT: Less extreme than CSA on this point, SECURE IT still allows the government to use information shared under the legislation for “many other crimes” unrelated to cybersecurity, especially many “for which a wiretap may be used.” Again, critics say this is detrimental to our Fourth Amendment protections.

Company liability
CSA: Companies that share information with the government under CSA are granted legal immunity (meaning they cannot be sued or charged with criminal offenses) for doing so. By giving companies this immunity, CSA eliminates their ability to offer meaningful privacy guarantees to users, or to compete with each other by offering better protections than their competitors. It also takes away users’ or customers’ ability to sue these companies for sharing their information with the Federal government.
SECURE IT: The exact same complaint exists for SECURE IT.

In short, both CSA and SECURE IT share many of the same complaints against CISPA, to a greater or lesser degree, depending on which part of the bills you’re looking at. This (above) is only a portion of the complaints made by rights advocates, so it is definitely worth reading both the full text of these bills (warning: they are very, very long), as well as the letters, if you want to have a thorough understanding of the issues at play. Also, the Electronic Frontier Foundation (EFF), one of the organizations that signed both of the letters mentioned above, goes into much greater detail about the problems with these bills here.

Do we really need cybersecurity legislation?

According to those in Congress, the answer is a resounding “YES! For the love of all that is good in this world, YES!”

Or, as Sen. Lieberman explains: “This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles. The nation responded after 9/11 to improve its security. Now we must respond to this challenge so that a cyber 9/11 attack on America never happens.”

This “cyber 9/11” line is one that has been used by nearly all those pushing cybersecurity legislation — CSA, SECURE IT and CISPA alike. No surprise there, since the scare tactic seems to be working. Wired points out a new study by Unisys (pdf), which shows that more Americans now view cyberattacks as a greater threat to the country than terrorism — a rather amazing thing, considering the years of terrorism fear-mongering that those of us in the U.S. have gone through since the final months of 2001.

That said, even organizations like the Center for Democracy and Technology (CDT) — a key player in the fight against CISPA — say that greater safeguards against cyberattacks are needed. It is impossible to say at the moment, however, whether the threats are genuinely as serious as the politicians make them out to be, or whether legislation like CSA or SECURE IT is needed to protect against those threats.

What happens next?

Neither CSA nor SECURE IT has yet been placed on the Senate’s agenda, though it is widely believed that CSA will come up for consideration on the Senate floor sometime this week. SECURE IT, which does not have the support of Majority Leader Harry Reid, will likely go up for a vote sometime later in the month. (There is no timeframe yet for the House version of SECURE IT going up for a full vote.)

If either CSA or SECURE IT passes, the legislation will then likely be reconciled with CISPA (if CISPA is brought forth at all) before it can go to President Obama’s desk for his signature (or veto, as the case may be). However, the Republican-controlled House has indicated repeatedly that it will not pass a bill that imposes greater government regulation, which would likely cause problems for CSA. In the end, it may be Obama’s veto pen — or lack thereof — that decides the future of our online privacy.

Have questions about CSA, SECURE IT, or CISPA? Hit me up on Twitter: @andrewcouts. I’ll do my best to find quality answers for you right away.

Two men rob Internet cafe, forget to log out of Facebook prior to robbery

Checking Facebook
As social networks have become more intertwined in our daily routines, some criminals just can’t resist logging into Facebook at the worst times.

As reported by the Colombia-based El Tiempo (a Spanish-language publication), two armed men visited an Internet cafe in an area north of Cali, Colombia and started using two computers. After spending some time browsing the Web, both men went up to the cashier to pay for their usage time and assaulted the man before demanding all the money in the register. Both men escaped with all the money on a stolen motorcycle, but the Internet cafe administrator noticed that one man had neglected to log out of his Facebook account prior to making the escape. When Colombian investigators arrived at the cafe, they used the information on his Facebook account to figure out his home address and subsequently made an arrest.

This isn’t the first time that a person committing a robbery has neglected to log out of Facebook before leaving their victim’s home or business. In August 2009, a teenager named Jonathan Parker broke into a Martinsburg, West Virginia home and stole two diamond rings from the homeowner.

Prior to making his escape, he sat down at the homeowner’s computer and checked up on his Facebook account. When he left the home, Parker’s Facebook account was still open in the laptop’s Web browser. Police quickly arrested Parker after reading information included on the Facebook page and charged him with one count of felony daytime burglary.

Photos uploaded to Facebook have also been the downfall of several criminals recently. In April 2012, a 20-year-old man named Michael Baker in Letcher County, Kentucky had his girlfriend take a photo of him while he siphoned gasoline out of a police cruiser and made an obscene gesture towards the camera. After Baker uploaded the picture to his Facebook page, it was quickly shared among the community and appeared before the eyes of the local police. The local authorities quickly arrested Baker for the theft, and Baker got the privilege of spending a night in jail. After this incident, the local police are considering installing locking gas caps on all their cruisers.

In a similar story in March 2012, a twenty-one-year-old man named Steven Mulhall was arrested on violation of probation charges after stealing Broward Circuit Judge Michael Orlando’s nameplate off an office door.

Police discovered the theft after Mulhall posed with the nameplate for a picture and the picture was uploaded to Facebook by his girlfriend. While the cost of the nameplate was only $40, Mulhall now faces felony charges since he violated his parole based on his multiple prior convictions for petty theft.

Sometimes simply accepting a Facebook friend request can lead to jail time for a known thief. In December 2010, a Massachusetts man stopped at a gas station to fill up his car and managed to slip out of the station with a 27-inch flat screen television that he pried off the wall. The manager of the gas station used his photo from surveillance video and his name from the credit card receipts to track down the man’s Facebook profile. After the manager sent him a friend request and he accepted, the manager used all the photos on the thief’s account to verify his identity. This information was eventually turned over to the local police and an arrest shortly followed.

Twitter launches email summary, misses the point of itself

twitter summary
If Twitter moves too fast for you to keep track of, don’t worry: The site is rolling out a weekly email summary of posts, whether you like it or not.

The problem with Twitter, it appears, is the risk of missing something important when you’re not constantly refreshing your feed of 140-character-or-less messages from friends, family and famous folk. If that’s something you’ve had trouble with in the past, here’s the good news: Twitter is going to take care of that for you. Here’s the bad: It’ll mean another email in your inbox.

The company today launched a weekly email digest of what it’s calling “the most relevant Tweets and stories shared by the people you’re connected to” on the social service. The email seems to work in a similar way to the recently-launched Discover tab summarizing links and Tweets not only from your own follow list, but also those who are followed by those you follow (Think “Friend of a Friend,” but for Twitter), with each headline a link taking the reader directly to the Tweet or story in question.

While the email does create a second channel for the company to reach users – and, potentially more importantly for the company, a second channel in which users can be exposed to sponsored Tweets or other forms of advertising – it also dilutes the Twitter brand by taking it outside of its traditional (and specialized) channel and pushing it into a space that already seems well served. What separates this service from Summify’s offering, for example, other than the frequency? (And, for that matter, wouldn’t a daily summary email seem more timely than a weekly one?)

The email summary service will be rolled out over “the next few weeks” according to the blog post announcement. For those who don’t wish to receive what could seem like spam on a weekly basis, there’s the opportunity to opt out via the site’s Notification Settings tab.