Security Experts, Internet Engineers Urge Lawmakers to Drop CISPA

A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would “unnecessarily trade our civil liberties for the promise of improved network security.”

CISPAA long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would “unnecessarily trade our civil liberties for the promise of improved network security.”

The Cyber Intelligence Sharing and Protection Act (CISPA) has become a focus of criticism and ire from a number of groups who oppose the bill’s provision that could allow ISPs to turn over traffic from their networks to government agencies as part of a program to share information on security threats and attacks. Critics have said that this could amount to wiretapping without the knowledge of the users whose data is captured and shared. 

The technologists, researchers and academics who signed the letter sent to congressmen this week said that the promise of better network security in return for this kind of data sharing is not a valid one.

“As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties,” the write in the letter.

CISPA, introduced last fall by Rep. Michael Rogers (R-MI), is designed, in part, to allow intelligence agencies to share information about ongoing threats and attacks, not just among themselves but also with appropriate private-sector companies. Critics worry that the bill would eliminate some of the existing protections against warrantless wiretapping and electronic eavesdropping and would not give users any knowledge of or recourse against the sharing of their private communications.

The bill is scheduled to go to the House floor for a vote this week and final amendments to the measure are due today. Some people have compared CISPA to SOPA, the highly controversial online copyright legislation that was the focus of so much criticism and anger. The bills are not that much alike and have different scopes and goals, and CISPA does not seem to be drawing quite as much public reaction as SOPA did. 

However, some groups warn that CISPA may, in fact, be worse for consumers’ rights than SOPA would have been. Officials at the Center for Democracy and Technology said that “CISPA has a very broad, almost unlimited definition of the information that can be shared with government agencies and it supersedes all other privacy laws” and “is likely to lead to expansion of the government’s role in the monitoring of private communications.”

In their letter to lawmakers, the group of Internet engineers, security experts and academics said that passing CISPA would be a major mistake.

“We appreciate your interest in making our networks more secure, but passing legislation that suffers from the problems above would be a grave mistake for privacy and civil liberties, and will not be a step forward in making us safer,” they wrote.

Suggested articles

Discussion

  • Anonymous on

    You know a government is dishonest and corrupt, when it is afraid of it's own population. Period.

  • md. fahim hossain on

    very nice..

  • Anonymous on

    Correction you know a goverment is dishonest and corrupt when the people fear the goverment.  The poeple shouldn't fear their goverment, the goverment should fear their people.

  • Anonymous on

    They do fear us.  That's why they're doing this.

  • Anonymous on

    They don't fear us. They just want the least resistive path to enacting draconian measures. It's a sad day when lawmakers can take away our rights...
  • Rwolf on

    Is CISPA A Government Trojan Horse?

    U.S. Government Can Use CISPA To Control and Forfeit Corporations & Businesses.
    CISPA: The Cyber Information Sharing and Protection Act if passed by Congress would allow U.S. Spy and other government agencies to share confidential Internet and other information with Government Certified Self Protected Cyber Entities, Certified Cyber Entity Employees and Elements in both government and private sectors to help protect them—against Cyber threats.

    However—CISPA would also allow Government agencies, police and government quasi/contractors (WITHOUT WARRANTS) OR LIABILITY to take out of context—any innocent hastily written email, fax or other Internet activity to allege a crime or violation was committed to cause a person’s arrest, assess fines or civilly forfeit a business or person’s property. U.S. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay. No one need be charged with a crime. Corrupt Police can even create the hearsay. Government can use CISPA to (certify any Self Protected Cyber Entity or their employee—to spy on their employers and clients: (CIVIL Asset Forfeiture Incentive). U.S. Government is not prohibited from paying any Government Certified Cyber Self Protected Entity or Employee; or Element part of government forfeited assets or other compensation that result from the aforementioned providing U.S. Government a corporation’s or clients’ private/confidential information—that (now) require a warrant or court order. Federal. Government currently contracts on a fee/commission-sharing basis with Self Protected Cyber Entities, Elements and Contractors that have security clearances to participate in facilitating arrests and Government asset forfeitures. It is expected U.S. Government, police and private contractors’—Civil Asset Forfeiture of Americans’ property will greatly escalate if CISPA is passed allowing Government certified private cyber entities and their employees—No Warrant Searches of persons’ and Businesses’ confidential Internet Information—that can be handed over to the government e.g. private emails, faxes, phone and transmitted files for investigation, prosecution and asset forfeiture—circumventing the Fourth Amendment.

    Since CISPA, two additional cyber-security bills have been created in the Senate called, “The Cyber Security Act of 2012” and “SECURE IT Act”. Both bills appear unconstitutional; appear designed to circumvent the Fourth Amendment and public Freedom of Information Requests. The Cyber Security Act of 2012 formally known as S. 2105 was created by Senate Democrats, Joe Lieberman and Susan Collins. Similar to CISPA, the Cyber security Act of 2012 would abolish legal walls that stop Federal government and private companies sharing information.

    The SECURE IT ACT: S. 2151 was introduced by Senate Republicans on March 1st 2012: would (require) federal contractors to alert government about any cyber threats, forcing such communications between government regulators and corporations. The SECURE IT Act authorizes sharing of persons’ private Internet information (without a warrant) going beyond what is necessary to report a believed cyber threat. SECURE It Act fails to create a regulatory system at the Federal level to oversee cyber-security threats opening the door for persons’ and businesses’ confidential information to be misused and misappropriated by government agencies and private sector government certified cyber entities.

    Under CISPA: Government should be prohibited from using so-call (Certified Self Protected Cyber Entities, their Employees) and Elements to circumvent the Fourth Amendment; escape Public Freedom of Information Requests. CORRUPTED: Government Certified Self Protected Cyber Entities and Employees, U.S. Government Agencies, Contractors and Police too easily may use someone’s confidential Internet Information, e.g. transmitted files and private emails collected (without warrants) to extort Americans, corporations, politicians; for compensation, target a businesses’ competitor; or sell private information gleaned from warrant-less Internet Surveillance.

    If CISPA is passed allowing NO Warrant private self protected cyber entity spying, some Internet writers and political activists might be dead-meat under NDAA. Americans” who write on the Internet or verbally express an opinion against any entity of U.S. Government or its coalition partners—may under The Defense Authorization Act of 2012—be deemed by U.S. Government (someone likely to engage in, support or provoke violent acts or threaten National Security)— or (Belligerent) to order an American writer or activist’s indefinite prison detention.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.