Monday, 16 April 2012

Groups Plan Opposition to Cybsecurity Bill

Written by 

As the U.S. Congress continues its attempts to ramp up control of the Internet, members of several activist organizations are making use of grassroots efforts to showcase their opposition. Activists are now planning an entire “week of action” beginning today, to protest the Cyber Intelligence Sharing and Protection Act (CISPA). Authored by Reps. Mike Rogers (R-Mich., left) and Dutch Ruppersberger (D-Md.), CISPA would remove legal barriers that prevent companies from sharing information with one another with regard to cyber attacks.

According to The Hill:

Many of the groups leading the protest are veterans of the fight against the Stop Online Piracy Act (SOPA) and [the] Protect Intellectual Property Act (PIPA), including the Electronic Frontier Foundation, the Center for Democracy and Technology, Free Press, Fight for the Future and the American Civil Liberties Union (ACLU).

Brock Meeks, a spokesman for the Center for Democracy and Technology, said the protest will rely on similar tactics as the ones used to derail the anti-piracy bills, potentially including petitions and phone calls to members of Congress.

Supporters of CISPA claim that it seeks to give intelligence agencies and Internet companies more incentives to share information with one another about security threats, such as hackers. But according to Talking Points Memo, there is more to the bill than that.

“... CISPA, which is scheduled to hit the floor of the House of Representatives for debate and an eventual vote the week of April 23rd, has come under intensified criticism by Web user advocacy groups and writers in recent days,” reports TPM. “The bill’s critics contend that CISPA’s terms are too broad, and could be interpreted in a way that removes important legal checks for when and how companies may turn over Web user information to the government.”

Critics of the measure fear it will negatively impact user privacy because of its broad language. They assert that it could lead to companies exchanging information that is unrelated to potential cyber attacks, such as user names, addresses, and Internet activity.

Lee Tien of the Electronic Frontier Foundation declared, “It’s a sophisticated scheme of removing legal barriers.”

Critics have also indicated that the bill could potentially allow military spy agencies to access the information that the companies share with the government.

The Washington Post reported in February that the National Security Administration had tried lobbying the White House for “unprecedented monitoring of routine civilian Internet activity,” but was rejected because of privacy concerns. CISPA would allow such monitoring.

Tien and his colleague Rainey Reitman wrote a long and critical review of the bill in March, before CISPA even caught the attention of the American people. According to their critique, the new measure is similar to SOPA and PIPA, both of which drew strong opposition from the American people, ultimately bringing about the demise of both bills.

Brock Meeks of the Center for Democracy and Technology (CDT) advised that the protesters are not planning to black out any websites, as was done during the last round of anti-piracy protests. That is because major web companies such as Facebook, Verizon, Microsoft, and AT&T are supporting CISPA, unlike SOPA and PIPA.

CDT's vice president for public policy Jim Dempsey explains, "I think those companies thought [giving information to the government] is essentially a meaningless provision, because they're not required to share. But I think there's all sorts of incentives the government can use to leverage that form of sharing."

Dempsey agrees with lawmakers that CISPA and SOPA are not similar, but contends that CISPA is still cause for concern because it violates a different variety of constitutional rights. "It's a completely different issue [from SOPA]," he says. "This is about government monitoring. [SOPA] is about the First amendment, [CISPA] is about the Fourth, but they both take a legitimate problem and try to tackle it with an overbroad solution."

Jason Koebler of U.S. News & World Report explains that while CISPA does not require companies to share data with the government, it also does not require the government to share cybersecurity secrets with the companies.

Dempsey explains that "the government can say 'You want our secret sauce, give us all your data; if you play ball with us, we'll play ball with you,'" although an amendment to the bill is meant to discourage required data trades. He adds, "Once [CISPA] removes the legal barriers, it becomes harder for companies to resist those inducements, which can lead them to do things they're uncomfortable with [such as sharing data]."

The Electronic Frontier Foundation asserts that the bill could lead to “backdoor wiretaps,” allowing “companies a free pass to monitor and collect communications ... and ship that data wholesale to the government or anyone else provided they claim it was for ‘cybersecurity purposes.’ ”

EFF’s Reitman is hoping that this week of protests will help attract attention to more controversial provisions in the legislation, such as the ones dealing with information-gathering. “How far they’re willing to amend it often reflects how intense the criticism is,” he said. “Gathering a lot of force right now could cause them to amend or give up entirely on the bill.”

Critics of CISPA agree that Congress should move to improve cyber security, but that it cannot do so in violation of the constitutionally protected rights of Americans. "Congress should take steps to improve cyber security defenses, but it has to realize it has to be more careful and cautious," Dempsey says. "People really do care deeply about not having the government control the Internet, and the government intrusion into the technology is really the overarching issue."

 

...