When It Comes to Cybersecurity, Scare Tactics Aren't Convincing Americans to Sacrifice Privacy
This week, comments from Democratic Senators, a panel of witnessses, and the director of the National Security Agency (NSA) called on the Senate to enact cybersecurity legislation. But a new poll shows that Americans don't want to sacrifice civil liberties by allowing unfettered data exchanges between corporations and the government. Discussions this week were part of an effort to break the partisan stalemate over the Cybersecurity Act, a bill that would allow Internet companies to monitor the sensitive communications of users and pass that data to the government without any judicial oversight. The Cybersecurity Act would also give companies the right to "modify or block data packets" if they do it with "defensive intent," while offering little in the way of liability for companies that overstep their authority.
In response to ongoing delays in passing the bill, backers of the Cybersecurity Act have been attempting to drum up fears about catastrophic cyberattacks. Yesterday, Senators Sheldon Whitehouse and Richard Blumenthal called on the Senate to enact cybersecurity legislation despite the ongoing civil liberties concerns with the proposed legislation. Speaking to the Senate, Senator Blumenthal warned of doomsday scenarios, saying: "The consequences of a debilitating attack will be catastrophic for our nation."
Speaking in a similar vein earlier this week, Army Gen. Keith Alexander, head of the Pentagon's Cyber Command, gave a speech cautioning against potential terrorist cyberattacks and warned that, "The conflict is growing, the probability for crisis is mounting." In response to civil liberties concerns, Alexander stated: "The reality is we can do protection of civil liberties and privacy and cybersecurity as a nation." This is a particularly ironic statement because Alexander, as director of the NSA, oversees the warrantless surveillance program begun by the Bush Administration which collects en masse the Internet communications and communications records of millions of Americans (like browsing habits, emails, and chats).
And in a hearing yesterday morning before the Senate Homeland Security and Governmental Affairs Committee, witnesses who testified (which included no representatives from the civil liberties community1) urged passage of a cybersecurity bill. RAND Corporation's Brian Michael Jenkins said that it was more important to "get these things moving" than to find "the absolute perfect legislation."
We couldn't disagree more. While the perfect should never be the enemy of the good, cybersecurity legislation enacted in haste today could undermine the civil liberties of Internet users generations from now. Congress must take time to ensure all legislation it passes won't undermine fundamental online rights. None of the current cybersecurity proposals come close to fitting that criteria.
There was one bright moment in the hearing yesterday. In his written testimony (PDF), Dr. Stephen Flynn of Northeastern University called on the government to "resist the secrecy reflex" when it comes to security issues, adding:
[S]trict rules that preclude the sharing of homeland security information with unvetted individuals too often translates into leaving essential expertise on the sidelines. Even when security information is shared with vetted company security officers, they are precluded from passing along the details to their bosses who do not hold active security clearances. As a result, investment and operational decisions are often made with scant attention paid to the potential security stakes. The federal government should make a concerted effort to increase transparency with the broader public as well.
This week also saw the publication of a new survey that shows that the majority of Americans don't want to sacrifice their online privacy in the name of cybersecurity. A United Technologies/National Journal Congressional Connection Poll found that 63% of those polled believed government and businesses should not be allowed to share information because it would hurt privacy and civil liberties.
In fact, the United Technologies/National Journal poll found that Americans were concerned about cybersecurity—67% of those surveyed were worried about the country's computer networks—but that didn't translate into support for proposals that could undermine online privacy rights. This matches with EFF's own stance. EFF has long advocated for better computer security through projects like our free HTTPS Everywhere browser add-on, our security audit of open source software, and our ongoing coverage of Syrian state-sponsored malware. But while we understand and appreciate security issues, we don't believe that safeguarding networked devices necessitates eviscerating all existing privacy law. Any cybersecurity proposal that gives the government free rein to snoop through our private communications without a warrant is the wrong solution.
The United Technologies/National Journal poll also reflected the party-line disagreements that have helped stall progress on cybersecurity legislation. While Democratic respondents were divided on the role of government regulation in cybersecurity issues, a large majority of Republicans and independent responders to the poll opposed government standards.
Unfortunately, our elected officials are doing little to assuage the concerns of Americans who cherish their online civil liberties. Senate Majority Leader Harry Reid has threatened to bring the issue to the floor for a vote before the end of July, leaving concerned citizens only a few weeks to speak out against the major privacy implications of this sweeping legislation. EFF is asking individuals to email Congress through our online form or call your Senator to urge them to oppose cybersecurity legislation that sacrifices online privacy.
- 1. Witnesses were Michael V. Hayden (Chertoff Group), Brian Michael Jenkins (RAND Corporation), Frank J. Cilluffo (Homeland Security Policy Institute, George Washington University), Stephen E. Flynn, Ph.D. (George J. Kostas Research Institute for Homeland Security, Northeastern University). See more here.