The Cybersecurity Act of 2012 (S 3414) Defeated in Senate Vote this Morning
This morning, the US Senate defeated the Cybersecurity Act of 2012, a bill that would have given companies new rights to monitor our private communications and pass that data to the government. The bill sponsors were 8 votes short of the 60 votes necessary to end debate on the bill (vote breakdown here). This is a victory for Internet freedom advocates everywhere. Hundreds of thousands of individuals emailed, tweeted, called, and sent Facebook messages to Senators asking them to defend privacy in the cybersecurity debate. Those voices were heard loud and clear in the halls of Congress today. EFF extends our heartfelt thanks to everyone who fought with us on this issue.
We can all be proud today that there was no law enacted on our watch that would have compromised the online privacy rights of Internet users in the name of cybersecurity.
We beat the bill, and we changed the conversation
Pressure from civil liberties groups and Internet users didn’t just defeat the bill – it changed the conversation around cybersecurity in fundamental ways. Working together, we convinced the bill sponsors to put privacy protections into the final version of the Cybersecurity Act, which made it superior to any of the other cybersecurity bills being considered by Congress. While the bill still had big problems, there were new privacy protections such as limitations that prevented data collected for cybersecurity purposes from being used to prosecute unrelated crimes. Those privacy protections were created as a direct result of pressure from the netroots.
Internet users also found they had powerful friends in the Senate. Senators Al Franken, Richard Durbin, Chris Coons, Bernie Sanders, Daniel Akaka, Ron Wyden and Richard Blumenthal championed civil liberties fixes to the bill. Senator Wyden, in particular, opposed the bill on privacy grounds, stating:
Today’s vote was one in which Senators were asked to sacrifice Internet users’ privacy and civil liberties for weak proposals to improve cyber security; I voted no.
And Senators Al Franken and Rand Paul sponsored an amendment that would have removed the most privacy-invasive provisions of the bill. These champions of online rights helped us in the cybersecurity fight – and will hopefully stand with us again in defending civil liberties the next time this issue arises.
Vigilance: no cyber spying today, no cyber spying ever
Today, we celebrate. But threats are on the horizon.
Congress has been working to pass cybersecurity legislation for years – and for years, EFF has fought to ensure that civil liberties weren’t sacrificed in the process. This year was the hardest fight of all: Congress got closer than ever to enacting a cybersecurity bill that could threaten the privacy of our online communications. We fought back with everything we had and defeated the bill, but they’ll be back – either this fall or next year.
And we’ll be ready for them.
It is the commitment and passion of EFF members that is necessary to defending against this type of anti-freedom legislation. Without those voices, we would never have beaten back SOPA, HR 1981, or the Cybersecurity Act. Thank you for making this possible.
EFF is committed to defending our online freedoms against all threats, and the majority of our funding comes from individuals making small donations. If you believe in the work we’re doing to safeguard liberty in the digital age, please make a donation or become a member. We’ll use your financial support to advocate for users, innovation, and civil liberties.
We’ve built a coalition of advocacy groups from all sides of the political spectrum willing to do what it takes to defend our online rights. Many of them are partners who worked with us to defeat SOPA. We’re thankful to groups and companies like American Civil Liberties Union, American Library Association, Center for Democracy and Technology, Competitive Enterprise Institute, Demand Progress, Fight for the Future, Free Press, Liberty Coalition, Mozilla, Reporters without Borders, TechFreedom, Techdirt and many, many others. We know that whenever fundamental freedoms are threatened, they will dive once more unto the breach to fight fearlessly for what’s best for Internet freedom. Thank you!
The idea behind copyright is simple — it is supposed to be a balance in the service of the public interest. There's a trade-off: for accepting a restriction on certain speech, the public benefits from the production of more new creative works each year. That delicate equation is complicated by many factors, and the right policy should find the balance of copyright scope and duration, limitations and exceptions like fair use, and the appropriate remedies in case of infringement.
But in fact, copyright policies almost universally lack the serious cost-benefit analysis that must precede any evidence-based proposal. And indeed, while the unintended costs are clear to anybody who has observed abuse of, say, the DMCA takedown system, the evidence that these policies create incentives — or even prevent harm — is less forthcoming.
Last week Julian Sanchez of the Cato Institute posted a thought-provoking piece that questions the similar calculation at the core of national security rhetoric. In the area of security, he asks, are we actually getting a "trade-off" for all the costs we incur to the country’s budget and our personal liberty? Sanchez convincingly argues that we haven’t been working towards a balance between those two ideas at all. Liberty is consistently discarded in the name of “security,” and the resulting policies don't actually make us safer. A dialogue that focuses only on striking a balance between these two ideas fails to address more fundamental questions about our policy.
It makes sense, then, that one typical response to bad copyright policy developments — and there are many — is to say that those developments skew this balance the wrong way, favoring the incentives and rewards for rightsholders more than is necessary to maximize creative production. But that approach overlooks the fact that many of the worst copyright proposals, like those that come out of content lobbying groups like the RIAA and the Motion Picture Association of America (MPAA) do worse than a skewed balance. Rather, they fail to strike any kind of balance at all, curtailing speech and fundamental online rights without a corresponding increase in the incentive to create new works.
Similarly, when the 1998 Copyright Term Extension Act — sometimes called the "Mickey Mouse Protection Act" because it kept the world's most famous rodent out of the public domain — was challenged in the Supreme Court, some of the world's leading economists lined up in a brief [pdf] to question the premise that the public benefited from retroactive term extension at all. Once again, the costs to the public are clear: we all suffer from a poorer public domain with no clear gains in return. Worse, these examples are the rule and not the exception. Many elements of policy today — from DMCA's problematic section 1201 to the unconstitutional ICE seizures of websites — and dozens more failed proposals — like the "Hollywood Hacking bill" or the broadcast flag — fit this pattern.
Compared to the trade-off of security and liberty, the question at the heart of copyright policy is an easy one: How do we optimize the incentive to create new works while minimizing the cost to our freedom of speech and ability to innovate? Unfortunately, sane policy developments that work toward this end are all too rare.
Should the police be allowed to warrantlessly collect and index the DNA of people merely arrested for a crime, while they are still cloaked in the presumption of innocence and have not been found guilty of anything? Over and over again, we've warnedcourts throughout the country the answer is no, and it now looks like judges are taking notice, including the U.S. Supreme Court.
Courts and judges throughout the country have been split over the controversial practice of warrantless DNA collection from mere arrestees. The samples collected by state and federal law enforcement officials are placed into CODIS, a federal DNA database that law enforcement officers throughout the country are permitted to access.
In California, federal and state courts have reached different conclusions on the constitutionality of Proposition 69, California's DNA collection scheme. The California Court of Appeal (PDF) initially found the practice unconstitutional as a violation of the Fourth Amendment's right to be free from unreasonable searches and seizures. That decision is now on review to the California Supreme Court. Meanwhile, a federal three judge panel of the Ninth Circuit Court of Appeals (PDF) rejected a lawsuit brought by the ACLU of Northern California and instead found Prop. 69 constitutional.
Similarly, the Third Circuit Court of Appeals (PDF) found the practice constitutional in a case out of Pennsylvania, while the Maryland Court of Appeal (PDF) found the warrantless DNA collection of mere arrestees to be unconstitutional. It's telling that many of these decisions highlight deep divisions within the bench, spurring impassioned dissenting opinions.
This division is finally working its way to the highest courts of the country. First, the entire Ninth Circuit Court of Appeals last week agreed to rehear (PDF) its opinion dismissing the ACLU challenge to Prop. 69. Then on Monday, Chief Justice Roberts of the U.S. Supreme Court signalled there is a "reasonable probability" that the high court would step in to review the conflicting opinions. His comments came in a brief order (PDF), granting the state of Maryland's request to stay the decision finding warrantless DNA collection from mere arrestees to be unconstitutional.
If and when the the Supreme Court reviews this issue, it needs to be cognizant of the enormous privacy concerns surrounding the collection and storage of DNA in a federal database. DNA is the most intimate and sensitive aspect of a human, able to reveal a snapshot of a person -- and their family's -- medical and genetic history. The history of CODIS and its continued expansion shows that Ninth Circuit Chief Judge Kozinski (PDF) was right in warning that the "voracious appetite of law enforcement" needed to be curbed by the courts. What initially started as DNA collection of individuals convicted of violent felonies has expanded to include all felons and now covers individuals not even convicted. And as we explain in detail in a recently published whitepaper, DNA collection is now a routine part of the immigration system, where individuals are not under arrest, let alone suspected of committing any crimes.
Chief Justice Roberts' brief order suggests he may not be sympathetic to the privacy issues at stake. But the pro-privacy concurring opinions of Justices Sotomayor and Alito in another recent Fourth Amendment case -- United States v. Jones -- suggests there are some on the Supreme Court who recognize we live in an age where technology has the serious potential of shrinking privacy. And that means courts must recognize that giving DNA Fourth Amendment protection is essential in order to keep sensitive biometric data from prying government eyes.
The Senate is about to vote on the Cybersecurity Act of 2012 – perhaps even as early as tomorrow. So we’re in a last push to get concerned Internet users to speak out for privacy before the big vote. If you want to ensure that we don’t compromise our rights to speak and communicate online privately, then please tweet and call your Senators. And now you can do one more thing: post a note on your Senators’ Facebook profiles. Leave comments asking them to stand up for your privacy in the cybersecurity debates. Comments might read something like:
I’m a constituent and I want you to defend privacy when you vote on the Cybersecurity Act of 2012 (S 3414). Please support the Franken-Paul Amendment and other pro-privacy amendments, reject any attempts to water down privacy protections, and oppose the bill as a whole.
We’ve heard from our contacts in DC that the tweets are making a big impact – let’s add to the impact with Facebook messages. Scroll down to find your Senator's Facebook information. Note that you must have a Facebook account to comment on a Senator's profile, and you will probably need to "like" the Senator's page in order to post your comment. However, you can stop "liking" the page as soon you've posted.
In an effort to make the Declaration accessible worldwide, the organizers have teamed up with Global Voices Online to translate the document into as many languages as possible. As of today, the Declaration is already available in 28 languages, including French, Arabic, Spanish, Dutch, and even Aymara and Malagasy!
Still, we hope to reach an even wider audience: On Friday, beginning at midnight GMT, Global Voices will launch a 24-hour "translathon", in which translators—professional and hobbyists alike—can come together in a central location to tackle as many remaining languages as they can. To get involved, you can sign up here.
Finally, a moment of sanity. Today, Rep. Peter DeFazio, along with co-sponsor Rep. Jason Chaffetz, introduced legislation (HR 6245) in the House of Representatives that would actually help make the patent system work better for innovators and innovation, and make life more difficult for patent trolls.
We have written time and again about just how broken the system is and how, thus far, the courts and Congress have failed to fix it. Which makes us even more excited about the new bill, the Saving High-Tech Innovators from Egregious Legal Disputes ("SHEILD") Act. The idea behind the SHIELD Act is simple: if you sue someone, you better have a reasonable and good-faith belief that you are entitled to relief. In other words, a plaintiff needs to believe that a defendant actually infringes a valid patent before it sues. If it doesn't, that plaintiff could be on the hook for the costs of litigation and for the winning party's attorneys' fees (which can cost hundreds of thousands of dollars in some cases).
Fee shifting, often called "loser pays," is not a new idea. It's long existed in copyright law, for instance, allowing a court to award a winning party costs and fees in certain cases. In patent litigation, this type of provision would help tilt the playing field slightly more in favor of the good guys. To understand, think about the patent troll business model: making broad claims of infringement based on patents of questionable validity is the troll's favorite move. It's no wonder that many defendants choose to pay up rather than take the time, energy, and especially the money to fight in court. Fee shifting would empower innovators to fight back, while discourging trolls from threatening lawsuits to start.
This bill is also important because it would only apply to software and computer hardware patents. We've said before that a one-size-fits-all patent system doesn't make sense, especially when we start talking about software. Whether or not you think software should be patentable at all, the law recognizes those types of patents (for now at least). Given that, we support policies and legislation that treat software differently—in other words, it's time to hack the system to make it work for coders, developers, and innovators of all stripes.
If you support this fee-shifting proposal, then please make your voice heard at defendinnovation.org. EFF started this campaign to address some of the biggest problems with the patent system by asking those who actually work with software and deal with patents how they think the system can best be fixed. On defendinnovation.org, we proposed seven ideas that we think would help (including a fee-shifting proposal like the SHIELD Act), but we want to hear what you think. So far, nearly 10,000 people have spoken out to support our proposals. If you are frustrated with the software patent system, let us know at Defend Innovation. You can sign on to all seven of our proposals or suggest your own. (And if you think software patents should be abolished, you should comment here.) We'll be writing Reps. DeFazio and Chaffetz expressing our support for their efforts, and we'll let them know how many people expressed their support for fee-shifting fixes at Defend Innovation.
Will a fee-shifting provision fix everything that’s wrong with the patent system? Nope. But will it help? We think so. Kudos to Reps. DeFazio and Chaffetz for taking an important step toward patent reform legislation that actually makes sense.
This weekend, we launched a tool that lets you tweet messages directly to your senators about privacy dangers of the cybersecurity bills. And last night we heard from staffers on the Hill that they are receiving tons of tweets. Unlike phone calls, which are tallied at the end of every day, tweets are seen the moment they’re tweeted. That means we have a direct, powerful method of telling senators to defend individual privacy as they move to consider the Cybersecurity Act of 2012 this week.
Visit Stop Cyber Spying to tweet at your senators. And if you run a website, please use the code at the bottom of this page to embed our Twitter tool on your site. Use the hashtag #DefendPrivacy to join thousands who have already spoken out for civil liberties.
We also heard from our contacts in Washington DC that there are tons of phone calls coming in. In one office, they had more phone calls about the Cybersecurity Act of 2012 yesterday than about anything else that day. That’s fantastic. We’re going to keep up our opposition from now until the final vote (which could be tomorrow), especially since new reports show that this bill is teetering on the edge of failure.
Unfortunately, we are hearing one bad piece of news from our contacts in DC: individuals manning the phones at Senate offices aren’t writing down the entire message from netroots callers. Instead of noting that callers are supporting pro-privacy amendments like the Franken-Paul Amendment, opposing anti-privacy amendments like those suggested by McCain and Hutchison, and opposing the bill as a whole, the individuals answering the phone are merely writing down that callers are opposing the bill. We need to make sure that our support for the Franken-Paul Amendment is made clear – this is the amendment that would remove the new affirmative authority for companies to engage in monitoring and countermeasures. We want to show our support for the Franken-Paul Amendment to ensure that, even if this bill fails, any future discussion of cybersecurity legislation begins from a place that has greater respect for our online privacy. So, please, call today and tell your senators that they must writedown all three points, not just that you oppose the bill.
Co-authored by EFF Fellow Jon Eisenberg, who also authored EFF's amicus letter.
When a judge forces you to "consent" to a disclosure of your private electronic communications, have you really consented? No.
EFF today asked the California Supreme Court to review a decision of a lower court that forced a juror to "consent" to allow the content of his Facebook postings to be turned over to the parties to the case, after it was discovered that he had been improperly posting about the case on his Facebook wall during a trial. The case is called Juror Number One v. Superior Court
An exception to the SCA’s disclosure prohibition is that a provider may divulge the contents of a communication with the “lawful consent” of the originator or an addressee or intended recipient. Here, the trial judge tried to invoke the SCA’s “lawful consent” exception by ordering Juror Number One to consent to Facebook’s disclosure of his postings.
In urging the California Supreme Court to take the case, EFF argues that this judicial maneuver is just an end run around the protections Congress created for users in the SCA, which plainly provide that any civil discovery of digital communications must be obtained from the user themselves, not from the third party hosts of their communications. This protection is especially important when the person giving the discovery isn't even a party to the case and, as here, was merely a juror. A decision on the petition is expected by the end of September.
As the United States Supreme Court said in 1968 in Bumper v. North Carolina: “Where there is coercion there cannot be consent.” That's as true today as it was 40 years ago.