A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would “unnecessarily trade our civil liberties for the promise of improved network security.”
The Cyber Intelligence Sharing and Protection Act (CISPA) has become a focus of criticism and ire from a number of groups who oppose the bill’s provision that could allow ISPs to turn over traffic from their networks to government agencies as part of a program to share information on security threats and attacks. Critics have said that this could amount to wiretapping without the knowledge of the users whose data is captured and shared.
The technologists, researchers and academics who signed the letter sent to congressmen this week said that the promise of better network security in return for this kind of data sharing is not a valid one.
“As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties,” the write in the letter.
CISPA, introduced last fall by Rep. Michael Rogers (R-MI), is designed, in part, to allow intelligence agencies to share information about ongoing threats and attacks, not just among themselves but also with appropriate private-sector companies. Critics worry that the bill would eliminate some of the existing protections against warrantless wiretapping and electronic eavesdropping and would not give users any knowledge of or recourse against the sharing of their private communications.
The bill is scheduled to go to the House floor for a vote this week and final amendments to the measure are due today. Some people have compared CISPA to SOPA, the highly controversial online copyright legislation that was the focus of so much criticism and anger. The bills are not that much alike and have different scopes and goals, and CISPA does not seem to be drawing quite as much public reaction as SOPA did.
However, some groups warn that CISPA may, in fact, be worse for consumers’ rights than SOPA would have been. Officials at the Center for Democracy and Technology said that “CISPA has a very broad, almost unlimited definition of the information that can be shared with government agencies and it supersedes all other privacy laws” and “is likely to lead to expansion of the government’s role in the monitoring of private communications.”
In their letter to lawmakers, the group of Internet engineers, security experts and academics said that passing CISPA would be a major mistake.
“We appreciate your interest in making our networks more secure, but passing legislation that suffers from the problems above would be a grave mistake for privacy and civil liberties, and will not be a step forward in making us safer,” they wrote.