The Stop Online Piracy Act and the Protect IP Act threatened free speech, online innovation, legitimate expression and communication. Internet activism, including a voluntary blackout on 18 January 2012, caused US Congress to shelve both legislations, but tech companies and civil liberties advocates now fear that the Cyber Intelligence Sharing and Protection Act (CISPA) is more of the same or worse.The articles linked here provide legal and social commentary worth digesting if you are interested in understanding the effects of US Congress enacting this legislation.
CISPA has more support than SOPA/PIPA, in no small part because CISPA offers protections against liability for providers who voluntarily share intelligence information. CISPA opposition remains concerned that the language is too broad, that the bill would allow access to private information for purposes other than those stated (protection of IP, prevention of piracy, suppression of First Amendment rights). I have included sample Letters of Support from Facebook, Microsoft, and Intel illustrate why the tech industry is not as uniformly opposed to CISPA.
The US House of Representiatives passed CISPA on 26 April without clear resolution of privacy or civil liberties concerns. The Senate is now studying the Bill (summary here), amending it and producing their own, see Lieberman-Collins Cybersecurity Act.
Selected quotes provide a sense of the nature and tenor of each article. The ACLU has a comparison chart that calls attention to and compares the major aspects of CISPA, SOPA, PIPA, and other cyber bills.
Photo by Danilo
World's Largest Organization for Computer Professionals Comes Out Against CISPA
Mark M Maycox - 7 JUNE 2012
"The US Public Policy Council of the Association of Computing Machinery (ACM), representing ACM, came out against CISPA [arguing that it] destroys core privacy protections by providing vague definitions and unfettered access to personal communications by companies and government agencies. In one such example, ACM criticized the expansive definition for 'cyberthreat information,' which could 'encompass everything from port scans to destruction of entire networks.'"
The Cybersecurity Act (S. 2105) Threatens Online Rights - a Handout for Your Senator
Rainey Reitman - 7 June 2012
"Worried about the Lieberman-Collins Cybersecurity Act? You should be. As we've explained before, it poses serious threats to online rights. Here's a one-page handout you can use as a reference."
Dems: Time 'Running Out" for Cyber Bill
Brendan Sasso - 4 June 2012
"Speaking at the Military Academy at West Point, Rep. Jim Langevin (D-R.I.) acknowledged that there is still 'a gulf in opinions' about the government's role in protecting private computer networks — a divide that has become 'an increasingly daunting barrier' to passing comprehensive reforms."
Granick on CISPA's Deficiencies
Jennifer Granick, Eric Goldman - 15 MAY 2012
"CISPA (1) fails to comprehend the ways in which existing laws allow sharing, but with accountability; (2) runs roughshod over federal and state laws protecting privacy; (3) could inadvertently immunize retaliatory hack-back security techniques; and (4) creates an "inner circle" of private entities willing to share and share alike with the government, but leaves disfavored service providers in the cybersecurity dark."
Civil Liberties Advocates Call Senate Cybersecurity Bills 'Fundamentally Flawed'
Josh Smith - 14 MAY 2012
"'both proposals are fundamentally flawed when it comes to privacy safeguards, oversight and accountability, and both bills require substantial amendments to address our concerns,' Sharon Bradford Franklin, senior policy counsel at The Constitution Project, said in a statement."
SECURE IT Coalition Letter to the US Senate
Hosted at CDT - 14 MAY 2012
Senate Dems modifying cybersecurity bill to pick up GOP votes
Brendan Sasso - 6 MAY 2012
The White House and Senate "have endorsed an alternative bill from Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) that includes tougher privacy protections and would authorize the Homeland Security Department to set mandatory security standards for critical infrastructure... Supporters of the Senate bill argue that mandatory standards are necessary to ensure that critical systems are safe from a catastrophic cyber attack...But a group of Republicans, led by Sen. John McCain (Ariz.), has slammed the Lieberman-Collins Cybersecurity Act as an example of big government overreach."
CISPA Fight is Far From Over, Don't Fall Asleep
Bill Brenner - 2 MAY 2012
"Supporters include COMPTEL, Verizon, Tech America, USTelecom, CTIA – The Wireless Association, Sprint Nextel Corporation and 29 more, according to Opencongress.org. Opponents include The Constitution Project, Fight for the Future, Free Press, Reporters Without Borders, Techdirt, TechFreedom and 19 more."
Mozilla Slams CISPA, Breaking Silicon Valley's Silence On Cybersecurity Bill
Andy Greenberg - 1 MAY 2012
"Late Tuesday, Mozilla’s Privacy and Public Policy lead sent me the following statement:
'While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.'"
Ben Franklin would say our online liberty is the same as liberty itself
David Gewirtz - 1 MAY 2012
"congressional leaders tend not to turn to our technical leaders. Instead, they spend a lot of time with lobbyists and former congressional leaders, who now work for special interests. These special interests and lobbies are also very well aware of the threat, but they have their own, often incredibly selfish take on how the threat should be dealt with...Congress is often willing to propose bills that give up our essential digital liberty for some misguided temporary safety — especially when it comes to protecting music labels and big video producers."
How CISPA would affect you (faq)
Declan Mccollough - 27 APRIL 2012
"What sparked significant privacy worries is the section of CISPA that says 'notwithstanding any other provision of law,' companies may share information "with any other entity, including the federal government...By including the word 'notwithstanding,' House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) intended to make CISPA trump all existing federal and state civil and criminal laws... 'Notwithstanding' would trump wiretap laws, Web companies' privacy policies, gun laws, educational record laws, census data, medical records, and other statutes that protect information, warns the ACLU's Richardson"
CISPA and the Right Way to Do Information Sharing
Julian Sanchez - 26 APRIL 2012
"it shouldn’t be that hard to craft legislation that would allow sharing of the broad categories of information that are most useful for improving security but don’t raise privacy or civil liberties concerns. Here’s a crazy idea: Instead of indiscriminately adding a cybersecurity loophole to every statute on the books, why not figure out which specific kinds of information are useful to security professionals without compromising privacy, figure out which laws raise obstacles to that sharing, and then craft appropriately narrow exemptions? "
Proposed CISPA amendments do little to appease critics
Declan McCollough - 25 APRIL 2012
"A fourth amendment... would extend CISPA by allowing Homeland Security to "intercept" and "use" data that transits federally-controlled networks... Probably the most controversial section of CISPA says that 'notwithstanding any other provision of law,' companies may share information with Homeland Security, the IRS, or the National Security Agency. By including the word 'notwithstanding,' CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more. (It's so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may 'have unforeseen consequences for both existing and future laws.')"
Free Market Coalition Letter on CISPA
Ryan Radia, et. al. - 21 APRIL 2012
"While CISPA enables companies to restrict how cyber threat information they share may be used by other entities, thebill’s sweeping immunity provision effectively denies providers the ability to make enforceable promises to imposesuch restrictions on third parties. Thus, under CISPA, a provider could not meaningfully assure users it will not share their information with government unless compelled to do so by valid legal process..."
CISPA isn't Son of SOPA
Dan Kaminski - 25 APRIL 2012
"CISPA’s provisions are different from SOPA’s. CISPA would not create any new authorities to filter content or take down websites. And unlike SOPA, which would have given the attorney general power to compel private action, CISPA would be entirely voluntary. And the House Permanent Select Committee on Intelligence has partially addressed concerns by dropping all reference to intellectual property... we need to fix CISPA, not fight it. We can all agree that if Facebook reports that a link has been used to propagate malware, the government should expend its resources to warn users and foil the attack, not issue notices of potential copyright violations about the link."
CISPA revision allows DHS Internet 'countermeasures'
Declan McCollough - 24 APRIL 2012
Rep. Sheila Jackson Lee (Texas-D) seeks to amend CISPA to authorize DHS "to 'acquire, intercept, retain, and use' data that transit networks owned by the federal government... if it claims the surveillance would ward off "cybersecurity threats"; the amendment includes the same phrase 'notwithstanding any other provision of law' that made CISPA so" unpopular. "Jackson Lee's amendment (PDF) is broad enough to sweep in government contractors and university networks such as Internet2 and CENIC"
H.R. 3523 Cyber Intelligence Sharing Protection Act
HoR Committee on Rules - 24 APRIL 2012
This page links to the proposed legislation. A tab lists the amendments submitted.
Conservative groups slam House cybersecurity bill
Brenden Sasso - 23 APRIL 2012
"conservative groups slammed CISPA for using a broad definition for 'cyber threat information'and for a sweeping immunity provision for companies that hand over information to the government... The groups warned that the bill would prevent companies from assuring customers that they could protect their private data. The letter explained that the bill would allow third parties, such as data storage companies, to share information with the government even if they had signed a contract with other companies to secure the data...
The conservative groups also criticized CISPA for allowing the government to use the information for purposes other than addressing cybersecurity threats and for not including tougher oversight requirements for how the government handles the data it collects."
CISPA's Latest Critic: The White House
Alex Fitzpatrick - 22 APRIL 2012
"American digital infrastructure can't 'be addressed by information sharing alone' -- the central tenet of CISPA. The bill is designed to allow and encourage private businesses and the government to share information about cybersecurity threats with one another. It doesn't set any security standards for private firms to meet."
CISPA debate rages on in the US, what's all the fuss about?
Chester Wisneiwski - 22 APRIL 2012
"I know it might sound crazy... But perhaps we can respect current privacy protections and still share information with one another for the betterment of all of our security?... You can decide it is too hard and continue to suffer attacks, have your business plans stolen and struggle to survive in an ever more competitive market or you can respect the law and your customers, work extra hard to together with others in your position and be stronger for it in the long run."
5 Reasons the CISPA Cybersecurity Bill Should Be Tossed
Matt Peckham - 19 APRIL 2012
The most interesting of the reasons? "There may be a better, wiser, narrower bill in the offing. Of all the bills on the table, the only one groups like the CDT support is the PRECISE Act, which would 'establish a non-profit, quasi-governmental National Information Sharing Organization [NISO] to serve as a national clearinghouse for the voluntary exchange of “cybersecurity threat information, taking in reports, and sharing them back out, among the federal government, state and local governments, and industry.' According to the CDT, NISO"
Read more: http://techland.time.com/2012/04/19/5-reasons-the-cispa-cybersecurity-bill-should-be-tossed/#ixzz1smNrcQDe
Read more: http://techland.time.com/2012/04/19/5-reasons-the-cispa-cybersecurity-bill-should-be-tossed/#ixzz1smNQP07V
Voices of Opposition Against CISPA
Patrick Steele - 19 APRIL 2012
"Here is a list of organizations and influential people that expressed concerns about the dangerous civil liberties implications of the bill... they all reach the same conclusion—CISPA is not a 'sharing of information bill only.' It is an expansive bill that enables spying on users and allows for unaccountable companies and government agencies that can skirt privacy laws."
CISPA Isn’t ‘Son of SOPA’ (But That’s Not Saying Much)
Brock Meeks - 18 APRIL 2012
"The problem with CISPA is that any security it offers comes at the expense of unfettered government access to our personal information, which is then likely to be sucked into the secretive black hole of the spying complex known as the National Security Agency. The bill doesn’t specifically mention that information shared with the government will flow to the NSA, but neither are there any restrictions prohibiting that information from flowing to the agency. And, the agency has been lobbying for a larger role in cybersecurity operations of private networks."
Admnistration pushes against bipartisan House Cybersecurity legislation
Brendan SASSO - 17 APRIL 2012
Caitlin Hayden: "while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs,"
Why did an MPAA executive join the Internet Society?
Cory Doctorow - 17 APRIL 2012
Paul Brigner is quoted, saying, "As I became more ingrained in the debate, I became more educated on the realities of these issues, and the reality is that a mandated technical solution just isn't a viable option for the future of the internet. When presented with the facts over time, it was clear I had to adjust my thinking."
Civil Liberterians Launch Campaign Against CISPA
Ed Krayewsky - 16 APRIL 2012
The voluntary information sharing program "comes in the wake of a recent rules change at the National Counterterrorism Center that allows the government to hold records collected on you for five years, ten times the previous 180 day limit, whether or not you’re the target of an investigation or suspected of anything criminal at all."
The Privacy Nightmares of CISPA
Kevin Goztola - 16 APRIL 2012
Trevor Timms, EFF: "information that we have in our email boxes or our Facebook accounts aren’t necessarily protected by the same constitutional protections that protect letters and phone calls. This is because the Electronic Communications Privacy Act was written twenty-five years before email even existed and that’s what still governs what the government can and can’t take from companies and us about our information... it [CISPA] essentially carves out a giant cybersecurity loophole into already watered-down protections for our communications. And what we’re really worried about is that companies will end up handing over large swaths of our emails, private messages on Facebook or Twitter, to the government with no judicial oversight."
New CISPA Draft Narrows Cybersecurity Language as Protests Loom
Alex Fitzpatrick - 14 APRIL 2012
"One proposed amendment narrows the category of information shared under CISPA from that about 'theft or misappropriate of private or government information, intellectual property, or personally identifiable information' to 'efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information.'
"However, the new draft didn't backtrack from a national security clause which civil liberties groups have warned could result in the intelligence community abusing the bill... Additionally, a proposed liability clause protects private firms and the government from lawsuits in relation to 'willful misconduct' involving cybersecurity data."
This is Why CISPA Scares me
Martin McKeay - 12 APRIL 2012
"CISPA is written in such a way that 1) it tramples on the very basic rights of due process and privacy to combat these threats and b) it includes clauses that name intellectual property and private information as reasons for this sharing... Let’s have some laws to promote information sharing. But let’s not give up our civil liberties and make our government into more of a surveillance state than it already is."
Expert: New CISPA Bill Isn't SOPA, But Still Attacks Constitutional Rights
Jason Koebler - 12 APRIL 2012
"Experts say the danger level associated with CISPA depends on the answer to one question: Which Constitution amendment do you care about more, the First or the Fourth?... [SOPA] is about the First amendment, [CISPA] is about the Fourth."
After SOPA, PIPA, Why is Facebook Liking CISPA
Jackie Cohen - 11 APRIL 2012
"The bill amends the National Security Act of 1947 to grant access to any data regarding a so-called cyber-threat to not just the government but also private security agencies."
CISPA legislation seen by many as SOPA 2.0
Morgan Little - APRIL 9, 2012
"The process by which CISPA facilitates information sharing revolves around the director of National Security, who would appoint members of the intelligence community as gatekeepers to weed through employees of firms seeking to link up with the government and grant security clearances as they see fit... All of this sharing, as the legislation currently stands, 'supersedes any statute of a State or political subdivision of a State that restricts or otherwise expressly regulates' the exchanges between the government and those it exchanges information with... CISPA includes an exemption of liability granted to those firms taking part in CISPA’s information exchanges -- possibly freeing tech firms from the responsibility of regulating users and the danger of being taken offline for alleged copyright violations -- so long as they get approval from the government."
Why is CISPA worse than SOPA/PIPA?
Jakob - APRIL 9, 2012
"Exempting companies from privacy laws gives both corporations and the government too much power in controlling what we use on the internet... excerpts from the bill help explain these issues as well as the vague and broad language used in defining its terms...CISPA not only vaguely incorporates all of SOPA and PIPA, it goes further by removing privacy barriers. By allowing the government to access private communications and for companies to not be limited by privacy laws, this bill allows too much power...he government will have broad power and could undermine existing privacy laws in the name of “security.” By creating laws based on fear and emotions instead of sound judgement and reason, civil liberties continue to be trampled by governments and special interests."
Google updates Anti-SOPA site with new #ourweb Campaign
Carl Franzen - APRIL 9, 2012
"On Monday, Google quietly launched a new initiative, Start something,' asking users to complete the following sentence: 'The Internet is the power to ____,' and post their answers on the social network of their choice under the hashtag #OurWeb...'This is just the first step in building a conversation around the future of the Internet,' Google wrote of the new campaign in an email to some users and in a statement on its Take Action website."
Could CISPA be the next SOPA?
Alex Fitzpatrick - APRIL 8, 2012
"To ensure that business-government information sharing happens on a two-way basis, CISPA requires the Director of National Intelligence to set up ways for the intelligence community to pass along threat information to private companies and make sure they actually go ahead and do that. To prevent sensitive information from being shared willy-nilly, CISPA requires that any recipient of such threat reports have a security clearance and a valid need for the information. Finally, CISPA allows third-party cybersecurity firms (which provide cyber protection to the government and private businesses) to 'use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property' of their clients. They’re also allowed to share that information with any other business or government department, provided their client gives them permission to do so."
After killing SOPA, Internet activists take aim at a new House cybersecurity bill
Brendan Sasso - APRIL 7, 2012
"a House aide who supports CISPA said the measure has nothing to do with anti-piracy enforcement or censorship. ' There's no authority to censor or block sites in the bill,' he said. 'The only authority is to share information with the private sector and for them to voluntarily share it with the government. There's nothing in here that would allow you to block or shutdown a website.' (and later...) The House aide who supports the bill said the definitions are intentionally broad so that Congress won't have to update the law every time a new technology emerges. The aide also said the bill does not cover copyright infringement."
SOPA Opponents Fear New Anti-Piracy Legislation Is Coming
Carl Franzen - APRIL 6, 2012
"Advocacy groups that led the fight against the failed anti-online piracy bills the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (IP) have begun to mobilize their forces anew, anticipating that lawmakers, backed by Hollywood lobbyists, will attempt to resurrect the bills or launch comparable new legislation in an effort to crack down on piracy."
Draconian Cybersecurity Bill Would Lead to Internet Surveillance and Censorship
Reporters without Borders - 6 April 2012
"“A blanket monitoring system is never an appropriate solution, nor is blocking or censoring websites that disclose information that is classified but of public interest. Reporters Without Borders opposes CISPA and ask Congress to reject this legislation."
SOPA 2.0: Why the Fight for Internet Freedom is Not Over
Alex Fitzpatrick - APRIL 6, 2012
Asked "Is it correct to look at the debate between Intellectual Property and Creativity as a zero-sum game?", Professor Lawrence Lessig replied, "I think in the privacy debate, for example, better infrastructure could give more privacy and better security — a better place for identity. Better copyright law could give the copyright industry and artists what they want — but it’s hard for the industry to imagine this, so they fight this change. And it’s hard for anybody to imagine what this different infrastructure might look like, so we don’t get many people rallying for this change."
CISPA: the new SOPA
David Banks - APRIL 5, 2012
"CISPA is all about collecting and sharing “cyber threat intelligence” and has less to do with copyright infringement concerns. This bill does not directly threaten the business interests of web companies, which means we should not expect their help in fighting the bill...Under CISPA, the Director of National Intelligence would decide who in the private sector should be given high level security clearance and the ability to work closely with federal intelligence services to monitor, collect, and share online activity that is deemed to be a 'cyber threat'."
Watch out Washington: CISPA replaces SOPA as Internet's Enemy #1
Andrew Couts - APRIL 5, 2012
CISPA supporters say "CISPA will help U.S. companies defend themselves 'from advanced cyber threats, without imposing any new federal regulations or unfunded private sector mandate.' It will also create 'new private sector jobs for cybersecurity professionals,' and protect 'the thousands of jobs created by the American intellectual property that Chinese hackers are trying to steal every day.' Opponents say "As with SOPA and PIPA, the first main concern about CISPA is its 'broad language,' which critics fear allows the legislation to be interpreted in ways that could infringe on our civil liberties."
Rogers' "Cybersecurity" Bill is Broad Enough to Use Against WikiLeaks and The Pirate Bay
Rainey Reitman and Lee Tien - MARCH 8, 2012
"Under the proposed legislation, a company that protects itself or other companies against 'cybersecurity threats' can 'use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property' of the company under threat...It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats...
"the government and Internet companies could use this language to block sites like WikiLeaks and NewYorkTimes.com, both of which have published classified information. Online publishers like WikiLeaks are currently afforded protection under the First Amendment; receiving and publishing classified documents from a whistleblower is a common journalistic practice."
US Intellectual Property Enforcement Coordinator Annual Report on Intellectual Property Enforcement
MARCH 2012
Facebook Letter of Support for CISPA
Joe Kaplan - FEBRUARY 6, 2012
"Your legislation moves burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber communit while still respecting the privacy rights and expectations of our users"
Congressional Cyber Initiative Shows Promise
Paul Rosenzweig - JANUARY 31, 2012
"...it is good to see at least one entrant in the field of competing cyber bills that has a more limited approach, one that advances incremental change without making the mistake of presuming to know all the answers... H.R. 3523 starts from the premise that the private sector already does much to secure its networks and that the major gaps are in law and policy, not tech- nology. Thus, the bill contends that private-sector actors need clearer authority, not more regulation, to detect threats and share information."
Intel Letter of Support for CISPA
Peter M. Cleveland - DECEMBER 2, 2011
"We believe the policy changes and legal protections implemented by the bill represent meaningful improvements in the important area of information sharing for cybersecurity purposes... a bipartisan approach that is not only voluntary and non-regulatory, but also incentivizes industry participation by providing needed liability protections and streamlining clearance processes."
Cyber Intelligence Bill Threatens Privacy and Civilian Control
Greg Nojeim, DECEMBER 1, 2011
The Center for Democracy and Technology has four main concerns:
- "The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;
- "The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;
- "It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;
- "Once the information is shared with the government, it wouldn’t have to be used for cybersecurity, but could instead be used for any purpose that is not specifically prohibited."
Microsoft Letter of Support for CISPA
Fred Humphries - NOVEMBER 30, 2011
"This bill would enable cyber security providers and other entities that detect cyber threat information in the course of protecting computer networks to more easily share information with each other. The bill would also clarify the ability of the government to share meaningful threat information with non-governmental entities that are capable of using it to protect critical information technology networks. These are important objectives, and this bill is an important first step towards addressing significant problems in cyber security. Microsoft applauds their leadership."
If you have read articles or posts that offer additional insights to these, please contact me or leave a comment.
Comments
You can follow this conversation by subscribing to the comment feed for this post.