By Patrick Steele, EFF Activist Intern
CISPA, the Cyber Intelligence Sharing and Protection Act of 2011 (HR 3523), is the new bill threatening civil liberties moving quickly through the House. In the past, we've documented the numerous problems with the bill and with other cybersecurity legislation.
Here is a list of organizations and influential people that expressed concerns about the dangerous civil liberties implications of the bill. Though each organization or person may differ in their terminology, they all reach the same conclusion—CISPA is not a "sharing of information bill only." It is an expansive bill that enables spying on users and allows for unaccountable companies and government agencies that can skirt privacy laws.
To add your organization to this list, please email firstname.lastname@example.org.
Access Now in CISPA: The latest attempt to establish a massive surveillance state
“Rogers (the bill’s author) says that the bill aims to 'help the private sector defend itself from advanced cyber threats,' but what it does is allow unlimited sharing of personally identifiable data amongst and between private companies and the government, without a single safeguard for privacy or civil liberty.”
Access Now's petition for companies to withdraw support of CISPA can be found here.
American Library Association in ALA CISPA Information Page
"This bill would trump all current privacy laws including the forty-eight state library record confidentiality laws as well as the federal Electronic Communications Privacy Act, the Wiretap Act, the Foreign Intelligence Surveillance Act, and the Privacy Act.
Essentially, CISPA would establish a whole new system for our nation’s privacy laws and policies and legalize extraordinary intrusions into established privacy rights and civil liberties."
Also visit their Call Your Representative Page and help them spread the word!
American Civil Liberties Union in Kicking off "Stop Cyber Spying Week"
“Keeping our computer systems secure is a real concern, but CISPA is absolutely the wrong answer. The bill would create a loophole in all existing privacy laws, allowing companies to share Internet users' data with the National Security Agency, part of the Department of Defense, and the biggest spy agency in the world—without any legal oversight."
Sign their Petition to stop CISPA!
Avaaz.org in Stop CISPA Contact Form
“The US Congress is sneaking in a new law that gives them big brother spy powers over the entire web—and they're hoping the world won't notice. We helped stop their Net attack last time, let's do it again.”
Avaaz has continued their campaign against CISPA - asking activists and users to sign a new petition asking IBM, Facebook and Microsoft to drop their support of CISPA.
The Cato Institute
The Cato Institute has published a series of articles analyzing cybercrime, its truth, its myths, and the hard math behind legislation such as CISPA and the inherit problems with cyber security bills such as this.
"The cybercrime surveys we have examined exhibit [a] pattern of enormous, unverified outliers dominating the data. In some, 90 percent of the estimate appears to come from the answers of one or two individuals. In a 2006 survey of identity theft by the Federal Trade Commission, two respondents gave answers that would have added $37 billion to the estimate, dwarfing that of all other respondents combined. This is not simply a failure to achieve perfection or a matter of a few percentage points; it is the rule, rather than the exception. Among dozens of surveys, from security vendors, industry analysts and government agencies, we have not found one that appears free of this upward bias."
From Cybercrime Statistics to Cyberspying
Soviet-Style Cybersecurity Regulation
Should a Congress that Doesn’t Understand Math Regulate Cybersecurity?
Cybersecurity: Talking Points vs. Substance
The Center for Democracy and Technology in Cyber Intelligence Bill Threatens Privacy and Civilian Control
“If the bill merely extended to other companies the opportunity to receive classified attack signatures from the NSA so they could better defend their networks, CDT would actively support the legislation. However, the bill goes much further, permitting ISPs to funnel private communications and related information back to the government without adequate privacy protections and controls."
Contact your representative page
Demand Progress in CISPA Is The New SOPA: Help Kill It
“CISPA demolishes existing barriers between the government and the private sector -- and between government agencies -- that restrict data sharing without cause, effectively allowing information about Americans' use of the Internet to slosh back and forth uninhibited.”
Help Demand Progress to make Facebook drop CISPA Support on their new petition page!
Entertainment Consumers Association in 1984 Could Be Here Now
"The legislation amends and updates the National Security Act of 1947, which doesn’t contain provisions regarding cyber crime. While this law absolutely needs to be updated, this legislation is the latest example of Congress debating technology issues, while not understanding the full implications of the legislation they’re trying to pass.
CISPA would have technology companies, like video game systems, internet service providers (ISPs) and more share your use of technology with the Government under the guise of cyber security. It’s George Orwell’s classic book 1984 right here, right now."
Fight for the Future in its newly launched webpage focused on CISPA
"A cybersecurity bill that lets any company share your info with all of government, with no limits. In short, CISPA is the end of meaningful privacy for anyone with personal data on US-based services."
Free Press in Free Press Action Fund Joins Stop Cyber Spying Week to Protest CISPA
“As it stands, CISPA could lead all too easily to governmental and corporate violations of our privacy and attacks on our right to speak freely via the Internet. While there is a need to protect vital national interests, we can’t do it at the expense of our freedoms."
Free Market Coalition in Amend CISPA to Perserve Freedom, Prevent Gov't Overreach
"CISPA aims to help companies defend against cyber attacks by facilitating the sharing of cyber threat information among government agencies and the private sector. Despite the bill's noble intentions, however, it risks unduly expanding federal power, undermining freedom of contract, and harming U.S. competitiveness in the technology sector. Our coalition letter articulates the following major problems with CISPA and explains how Congress can amend the bill to fix them.. (Continued in article)"
IntellectualConservative.com in With CISPA, Congress Turns Internet Websites into Police
"H.R. 3523 will allow websites to share users’ personal information with the federal government in the name of cyber security, with no judicial oversight. It would authorize internet providers, social networking sites, and other websites that store personal information to monitor users’ personal emails for the vague purpose of “protecting the rights and property” of the provider."
Mozilla in a statement to Forbes:
"While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation."
POPVOX in What's Your Position on Cispa?
"What do you think about CISPA? The next vote on this bill will occur in the House of Representatives. How should your representative vote?"
Help POPVOX to show the overwhelming opposition to CISPA!1
Reporters Without Borders in Internet Advocacy Coalition Announces Twitter Campaign to Fight Privacy-Invasive Bill (CISPA)
“In the name of the war on cyber crime, it would allow the government and private companies to deploy draconian measures to monitor, even censor, the Web. It might even be used to close down sites that publish classified files or information.”
Sincerely.com in Stop Cispa! Letter Sending Page to Congress
"First there was SOPA, now there is CISPA, the newest proposed bill that gives internet companies the power to hand over your private information over to the government."
Sum of Us.org in Disklike! Facebook Supporting Government Spying
"If the Cyber Intelligence Sharing and Protection Act (CISPA) passes, companies could intercept your text messages and emails to share with each other and the government – giving the US military the power to track, control, and share almost all of your online information without the use of a warrant. They could even block access to websites, or cut off your internet connection altogether. Like SOPA (which Facebook opposed), CISPA is a major threat to internet freedom and gives the government broad power to protect big media companies at your expense. It’s even a threat for internet users outside the US – because Facebook, Google and other major online service providers are headquartered in the US, even their non-American users’ online data could be used by the US military or corporations."
Sunlight Foundation in CISPA is Terrible for Transparency
“The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities. CISPA dismisses it entirely, for the core activities of the newly proposed powers under the bill. If this level of disregard for public accountability exists throughout the other provisions, then CISPA is a mess. Even if it isn't, creating a whole new FOIA exemption for information that is poorly defined and doesn't even exist yet is irresponsible, and should be opposed.”
The White House’s Statement on Cyber Security in The Hill
“Any cybersecurity bill with information sharing provisions "must include robust safeguards to preserve the privacy and civil liberties of our citizens." The White House declared they would not support a bill that would "sacrifice the privacy of our citizens in the name of security."
As we have seen in a previous EFF blog post these privacy sacrifices are numerous and extensive.
Other Organizations Voicing Concerns About CISPA's Impact on Civil Liberties
Advocacy for Principled Action in Government
American Association of Law Libraries
American Association of University Professors
American Booksellers Foundation for Free Expression
American Society of News Editors
American Policy Center
Association of Research Libraries
Bill of Rights Defense Committee
Center for Media and Democracy Citizens for Responsibility and Ethics in Washington –CREW-
Cyber Privacy Project
Center for Media and Democracy
Center for National Security Studies
Center for Rights
Canadian Internet Policy and Public Interest Clinic
The Constitution Project
Consumer Federation of America
Council on American-Islamic Relations
Cyber Privacy Project
Defending Dissent Foundation
Feminists for Free Expression
Freedom of Information Center at the Missouri School of Journalism
Government Accountability Project
Hon. Bob Barr
James Madison Project
National Freedom of Information Coalition
National Coalition Against Censorship
National Association of Criminal Defense Lawyers
National Whistleblower Center
Patient Privacy Rights
Privacy Rights Clearinghouse
Project On Government Oversight - POGO
PEN American Center
Personal Democracy Media
Public Employees for Environmental Responsibility – PEER
The Pullins Report
Republican Liberty Caucus
The Rutherford Institute
Society of American Archivists
Society of Professional Journalists
Special Libraries Association
Utah Foundation for Open Government
US Bill of Rights Foundation
Washington Coalition for Open Government
Individual Experts, Academics and Policy Makers
As opposition for CISPA grows we have seen an increasing number of influential individuals come out against CISPA.
Many of these people published an Open Letter to Congress that we blogged about this week, and we will continue adding to this list as the campaign continues!
Ron Paul has published a letter oulining his oposition to CISPA
"CISPA is essentially an internet monitoring bill that permits both the federal government and private companies to view your private online communications with no judicial oversight--provided, of course, that they do so in the name of “cybersecurity.” The bill is very broadly written, and allows the Department of Homeland Security to obtain large swaths of personal information contained in your emails or other online communication. It also allows emails and private information found online to be used for purposes far beyond any reasonable definition of fighting cyberterrorism."
Tim Berners-Lee - Inventor of the World Wide Web Speaks Out Against CISPA
“[It] is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world. Even though the Sopa and Pipa acts were stopped by huge public outcry, it’s staggering how quickly the US government has come back with a new, different, threat to the rights of its citizens.”
Bruce Schneier. Prominent security researcher and cryptographer, published seminal works on applied cryptography. Active in public policy regarding security issues; runs a weblog and writes a regular column for Wired magazine.
David J. Farber. Distinguished Career Professor of Computer Science and Public Policy, Carnegie Mellon University. Designer of the first electronic switching system. Was a major contributor to early programming languages and computer networking. EFF board member.
Donald Eastlake. Original architect of DNS Security, network security expert. Chair of IETF TRILL and IETF PPPEXT working groups.
Peter Swire. C. William O'Neill Professor of Law, Ohio State University. Former Assistant to President Obama for Economic Policy, and former Chief Counselor for Privacy in the U.S. Office of Management and Budget.
Eric Burger. Research Professor of Computer Science and Director, Georgetown Center for Secure Communications, Georgetown University. Chair of multiple IETF Working Groups.
Tobin Maginnis. Professor of Computer and Information Science, University of Mississippi. Operating system researcher, GNU/Linux expert, Web architecture researcher and networking expert.
Sharon Goldberg. Professor of Computer Science, Boston University. Network security researcher, member of FCC CSRIC working group on BGP security.
Peter G. Neumann. Principal Engineer, SRI International Computer Science Laboratory; moderator, ACM Risks Forum. Affiliation listed for purposes of identification only.
Stephen H. Unger. Professor Emeritus, Computer Science and Electrical Engineering, Columbia University. Board of Governors of IEEE Society on Social Implications of Technology (SSTI).
Geoff Kuenning. Professor of Computer Science and CS Clinic Director. Harvey Mudd College. File system researcher, built the SEER predictive hoarding system to predict what files mobile users will need while disconnected from a network.
Benjamin C. Pierce. Professor of Computer and Information Science, University of Pennsylvania. Research on differential privacy, which allows formal reasoning about real-world privacy.
Richard F. Forno. Professor of Computer Science focused on cybersecurity, signing as a private citizen.
Jonathan Weinberg. Professor of Law, Wayne State University. Chair of ICANN working group, and expert on communications policy.
Joseph “Jay” Moran. Distinguished engineer, AOL technical operations. Experienced executive working in technical operations and engineering for 20+ years.
Dan Gillmor. Technology writer and columnist. Director of Knight Center for Digital Media Entrepreneurship at Arizona State University, Fellow at the Berkman Center for Internet and Society, Harvard University. EFF pioneed award winner.
Armando P. Stettner. Technologist and senior member of IEEE, spearheaded native VAX version of Unix.
Gordon Cook. Technologist, writer, editor and publisher of “COOK report on Internet Protocol” since 1992.
Alexander McMillen. Entrepreneur and CEO, Sliqua Enterprise Hosting.
Sid Karin. Professor of Computer Science and Engineering, University of California, San Diego. Former founding Director of the San Diego Supercomputer Center (SDSC) and National Partnership for Advanced Computational Infrastructure (NPACI).
Eric Brunner-Williams. CTO, Wampumpeag. Signing as an individual.
Lawence C. Stewart. CTO, Cerissa research. Built the Etherphone at Xerox, the first telephone system working over a local area network; designed early e-commerce systems for the Internet at Open Market.
Ben Huh. Entrepreneur, CEO Cheezburger Inc.
Dave Burstein. Editor, DSL Prime.
Mikki Barry. Managing partner, Making Sense of Compliance.
Blake Pfankuch. Network engineer.
John Peach. Systems Administrator with 20+ years of experience.
Valdis Kletnieks. IT Professional, Virginia Tech University.
Darrell Hyde. Director of Architecture, Hosting.com.
Ryan Rawdon. Network and Security Engineer, was on the technical operations team for one of our country's largest residential ISPs.
Ken Anderson. VP of Engineering, Pacific Internet.
Andrew McConachie. Network engineer working on Internet infrastructure.
Richard Kulawiec. Senior network security architect with over 30 years experience.
Aaron Wendel. CTO, Whalesale Internet, Inc.
David Richardson. Center for High Performance Computing, University of Utah.
David M. Miller. CTO / Executive VP for DNS Made Easy.
Marshall Eubanks. Entrepreneur and CEO, America Free TV.
Edward Arthurs. Manager of Network Installations, Legacy Inmate Communications, Legacy Contact Center, Legacy Long Distance Intl. Inc.
Christopher Liljenstolpe. Chair of the IETF Operations and Management Area Working Group. Chief architect for AS3561 (at the time about 30% of the Internet backbone by traffic) and AS1221 (Australia's main Internet infrastructure).
Christopher McDonald. Vice President, PCCW Global.
Joseph Lorenzo Hall. Research Fellow focused on health information technology and electoral transparency, New York University.
Ronald D. Edge. IT expert.
David Henkel-Wallace. Vice President of Engineering. Terrajoule Corporation.
John Pettitt. Internet commerce pioneer, online since 1983, CEO Free Range Content Inc.; founder/CTO CyberSource & Beyond.com; created online fraud protection software that processes over 2 billion transaction a year
Ben Kamen. I.T./EE Professional.
Christopher Soghoian. Graduate Fellow, Center for Applied Cybersecurity Research, Indiana University.
Jo Young. IT professional.
Mark Hull-Richter. Senior software engineer.
Joop Cousteau. VP, Global Network Technology. KLM Airlines USA Ltd.
Jonathan Mayer. Graduate researcher, Security Lab and the Center for Internet and Society, Stanford University
Jeremy Sliwinski. Network engineer with 10+ years of experience.
Nathan Syfrig. Software Engineer and IT Consultant.
- 1. Correction: Edited to reflect that Popvox does not oppose CISPA. It is a nonpartisan organization.