What: Privacy-invasive cybersecurity legislation failed to win approval

Where: United States

Who: EFF and coalition of digital rights advocates

Lessons Learned

  • Use humor as a tool to build support and challenge outrageous proposals.
  • Try cultivating relationships with lawmakers who share your position.
  • Reach out to experts in the field to generate authoritative opposition.

The Surveillance Proposal

The United States government has been pushing for privacy invasive cybersecurity legislation for years, and the most recent surveillance threat emerged in early 2012 in the form of the Cyber Intelligence Sharing and Protection Act (CISPA). Coauthored by two Congressional representatives from both political sides of the aisle, the bill purported to allow companies and the federal government to share information to prevent or defend from cyberattacks. Yet it expressly authorized the monitoring of private communications, and was written so broadly that companies would be allowed to hand over large swaths of personal information to the government with no judicial oversight.  The most dangerous aspect of the law was that it effectively created a “cybersecurity” loophole in all existing privacy protections. 

In the face of bipartisan support for the bill—which passed in the House of Representatives with a substantial majority—EFF fought to combat the legislation by raising public awareness and, helping to prevent it from moving forward in the Senate. EFF and a coalition of advocacy groups won an important victory when the Cybersecurity Act of 2012, the Senate’s version of cybersecurity legislation, failed to gain cloture in the Senate, which means it failed to obtain the number of votes necessary to move forward.

The Campaign

While a variety of external factors come into play in the case of any federal legislation, EFF utilized a combination of tactics to mobilize Internet users against CISPA and to try and influence the outcome in Washington, D.C. EFF created an innovative social networking tool and helped convene a grassroots coalition of advocates to reach diverse audiences, working in tandem with groups such as the Center for Democracy and Technology, the Bill of Rights Defense Committee, Fight for the Future, Demand Progress and others. EFF also contacted Internet security experts who could make authoritative statements about the legislation, published a series of blog posts, and educated elected officials about the privacy implications of CISPA.

EFF’s Congressional Twitter Handle Detection Tool stood out as a successful and unique way to harness support for EFF’s position. There was nothing funny about the severe privacy implications of CISPA, but EFF’s activism team realized early on that a surefire way to get the word out about the legislation was to utilize social media and infuse humor to generate interest and mount opposition. To that end, they encouraged online users to post targeted Twitter updates broadcasting “too much information” to Congressional representatives. The idea was “to showcase how the government could use these cybersecurity loopholes to gather detailed, personal facts about peoples’ everyday Internet usage,” says EFF Activism Director Rainey Reitman.

With the Twitter tool, Internet users could quickly locate their Congressional representatives’ Twitter handles by plugging in zip codes. EFF created an embeddable version so that other websites could mimic the campaign on their own domains.  And EFF also published the code for the Twitter tool, so that it could be used by other campaigns for different purposes.

The Strategy

Lawmakers’ debate about CISPA heated up in March of 2012, won approval in the House of Representatives in April, was defeated once in the Senate in early August, and finally died for 2012 in November. This meant that preventing it from winning approval in the Senate was key. EFF pursued a two-part strategy: pushing for more privacy protections in the bill to address the worst parts while at the same time advocating to stop the flawed bill entirely. In addition to the tools mentioned above, EFF also started to engage with elected officials. “We cultivated relationships with legislators who would push for privacy protections,” Reitman explains.

Some Senators were inclined to listen to EFF’s concerns in part because EFF was a prominent opponent of the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), a pair of copyright bills that emerged in 2011 and went down in flames after a mass Internet-based mobilization made them extremely unpopular. Because of the highly visible campaign against SOPA and PIPA, Senators feared that a similar campaign would take form around CISPA and result in negative press for its supporters.

Another strategy EFF used effectively was to change the debate by challenging talking points used by the government. While government proponents of CISPA tried to win support by stoking fear about hackers, EFF pointed out that it was government and private companies that would access to private emails under CISPA.

EFF also reached out to a host of Internet security experts, academics and researchers who stated publicly that strong cybersecurity didn’t necessitate sacrificing the privacy rights of Internet users. An open letter signed by these prominent signatories was published on EFF’s website and sent to the public officials who were preparing to vote on the cybersecurity legislation. “That way, whenever they said this is good for Internet security, we were able to say: Internet security experts don’t agree with you,” Reitman notes.

In the end, the U.S. government was able to use the fear of cyber-attacks to come very close to a massive increase in its surveillance capabilities. . Yet with the help of the thousands who responded by voicing their opposition, EFF helped fend off the privacy-invasive bill. The victory was summed up in a post on EFF’s Deeplinks blog following the initial Aug. 2 defeat in the Senate:

“This morning, the US Senate defeated the Cybersecurity Act of 2012, a bill that would have given companies new rights to monitor our private communications and pass that data to the government. The bill sponsors were 8 votes short of the 60 votes necessary to end debate on the bill. This is a victory for Internet freedom advocates everywhere. Hundreds of thousands of individuals emailed, tweeted, called, and sent Facebook messages to Senators asking them to defend privacy in the cybersecurity debate. Those voices were heard loud and clear in the halls of Congress today. EFF extends our heartfelt thanks to everyone who fought with us on this issue. We can all be proud today that there was no law enacted on our watch that would have compromised the online privacy rights of Internet users in the name of cybersecurity.”

Resources

EFF Action Center, No Digital Big Brother – Keep the Military Out of Your Emails

https://www.eff.org/pages/no-digital-big-brother-keep-military-out-your-email

Cybersecurity Bill FAQ: The Disturbing Privacy Dangers in CISPA and How to Stop It

https://www.eff.org/deeplinks/2012/04/cybersecurity-bill-faq-disturbing-privacy-dangers-cispa-and-how-you-stop-it

EFF blog post, “Victory Over Cyber Spying”

https://www.eff.org/deeplinks/2012/08/victory-over-cyber-spying

Open Letter from Security Experts, Academics & Engineers to U.S. Congress:

https://www.eff.org/deeplinks/2012/04/open-letter-academics-and-engineers-us-congress

Embeddable Version of Congressional Twitter Handle Detection Tool

https://www.eff.org/deeplinks/2012/04/embeddable-version-congressional-twitter-handle-detection-tool-now-available