2013 in Review: EFF's Battle Against Privacy Invasive "Cybersecurity" Bill
As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.
This spring, one of EFF's main fights for user privacy concerned the Cyber Intelligence Surveillance Privacy Act, or CISPA. It was the second time in two years that CISPA was introduced, and the second time in two years that privacy advocates were able to stop the bill from advancing. CISPA is a broad, overly vague, and poorly written "cybersecurity" bill. The bill aimed to increase information sharing between the private sector and the government, while granting broad legal immunity to the companies for this sharing. Worse, it could allow for companies to "hack back" at innocent users.
After being introduced in February by Rep. Mike Rogers and Rep. Dutch Ruppersberger, EFF and a coalition of allies fought back hard against the bill. Within a month, EFF had an FAQ on the bill, analyzed the immunity clauses, and looked into its loopholes. The same problems come up time and time again with "cybersecurity" bills proposed in Congress. And we've had a lot of practice since Congress has tried to pass overly broad "cybersecurity" legislation each year for the past four or five years.
Less than two months into the fight, the coalition put the pressure on the White House, asking for a promise to veto CISPA (just like it did in 2012). The White House announced that it would veto the bill over concerns about both the privacy clauses and the overly broad immunity in the bill.
Despite passing the House, the major flaws of CISPA were known to many. Spurred by the President's veto threat, multiple Senators noted that CISPA was dead in the Senate due to its lack of privacy protections and overly broad immunity provisions.
Shortly thereafter, the huge onslaught of leaks about the NSA's activities—which include collecting users' phone calls, emails, address books, buddy lists, calling records, mobile phone location, online video game chats, financial documents, browsing history/cookies, calendar data, and probably other data—were released.
Suddenly, immunity for sharing more information with the government did not seem quite as attractive. For now, the "cybersecurity" bills being introduced stick to what should've been Congress' initial game plan: uncontentious bills that increase funding for security research, organizing the current mish-mash of agencies and departments working on computer and network security, and assessing the already-existing agencies working on to make stronger security.
This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.