Thirty-seven digital rights groups and businesses have come together this week to urge the White House to defend privacy and promise to veto the dangerous cybersecurity bill CISPA. Such legislation poses a number of privacy risks to individuals, allowing levels of information sharing between companies and the government that supersede existing privacy laws. Privacy advocates aren't the only ones speaking out against CISPA; online companies like Reddit and Mozilla, as well as web hosts like Gandi and Namecheap, have chosen to stand up for their users' rights rather than support ill-defined legislation.
Read the letter to the White House below:
March 19, 2013
To Michael Daniel, White House Cybersecurity Coordinator:
We the undersigned organizations write to encourage the White House to renew its promise to veto the Cyber Intelligence Sharing and Protection Act (CISPA).
Last year, the White House threatened to veto CISPA (H.R. 3523) on the grounds that the bill would create major privacy and security vulnerabilities. This year, CISPA has been reintroduced (H.R. 624) with the same flaws.
In its veto threat, the White House stated:
"The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive."
Specifically, the White House objected that CISPA did not require companies or the government to "minimize and protect personally identifiable information" (PII):
"[H.R. 3523 repeals] important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards. For example, the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information."
The White House noted that CISPA would provide companies dangerously broad legal immunity for actions they took based on information “identified, obtained, or shared” under the bill:
"H.R. 3523 would inappropriately shield companies from any suits where a company's actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life. This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests."
The White House also pointed to the significant threat CISPA poses to the civilian nature of the Internet, a vital aspect of a free and open Internet:
"H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."
Because the flaws that prompted the veto threat have not been fixed, we urge the White House to make clear to Congress it still opposes CISPA.
Advocacy for Principled Action in Government
American Association of Law Libraries
American Library Association
Association of Research Libraries
Bill of Rights Defense Committee
Center for Democracy & Technology
Center for Digital Democracy
Center for Financial Privacy and Human Rights
Competitive Enterprise Institute
The Constitution Project
Electronic Frontier Foundation
Entertainment Consumers Association
Fight for the Future
Free Press Action Fund
Government Accountability Project
National Association of Criminal Defense Lawyers
New America Foundation's Open Technology Institute
NY Tech Meetup
Personal Democracy Media
Privacy Rights Clearinghouse