Privacy groups launch protest against CISPA bill
Cybersecurity bill will end many online privacy protections; companies could send private data to government at any time, opponents say
Computerworld - Several groups Monday launched a week of protests against a controversial proposed cybersecurity bill they claim would eviscerate online privacy rights.
The Cyber Intelligence Sharing and Protection Act (CISPA) was introduced last November and is scheduled for a vote in the U.S. House of Representatives next week.
The Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT), the American Civil Liberties Union (ACLU), Fight for the Future and other groups say that the legislation would allow Internet companies and the government to collect virtually any private online user content under the pretext of cybersecurity.
The privacy groups contend that CISPA would dismantle existing protections provided by the Federal Wiretap Act and the Electronic Communications Privacy Act and other laws.
They are hoping to stop the bill, or force amendments to it, by rallying widespread Internet opposition. Leaders say the groups will jointly call on supporters to contact local lawmakers to express their opposition.
The groups have also launched a Twitter campaign that aims to show lawmakers what kind of data the government could access if the bill is passed.
Earlier this year, similar online protests prompted lawmakers to abandon efforts to pass two extremely unpopular anti-piracy bills -- the Stop Online Piracy Act and the Protect IP Act.
"We are deeply concerned about the information-sharing component of this bill," said Rainey Reitman activism director at the EFF. "Companies would be allowed to ship any kind of personal information to the government without any judicial oversight."
She added that the law would allow government agencies to bypass existing privacy laws and requirements to obtain court orders to acces personal information in Internet users.
Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) introduced CISPA in the House in November 2011.
Backers said the legislation would help improve cybersecurity by making it easier for ISPs and companies such as Facebook and Google to collect and share threat information with the government.
Specifically the bill would allow Internet companies to "identify and obtain cyber threat information to protect [their] rights and property."
CISPA would allow private companies to monitor user activity and collect information related to such activity. The data could also be shared, without judicial oversight, with government agencies like the Department of Homeland Security and the National Security Agency.
The bill affords Internet companies a great deal of immunity for conducting such information monitoring and sharing.
Rights groups say that the bill's ambiguous wording leaves it open to all sorts of potential problems.
For instance, there's no language that would prohibit companies from monitoring private email messages, chat messages and Facebook postings simply by claiming a cybersecurity purpose. CISPA doesn't provide Internet users maany ways to sue companies for unfairly collecting and sharing personal information with the government.
According to the EFF, the definition of key terms such as "cybersecurity threat information" is dangerously vague, and could allow Internet companies to monitor and read private emails and online messages.
The opponents also contend that the legislation would allow government agencies to use information provided by Internet companies for a variety of reasons. An early version of the bill contained language that would have allowed law enforcement to go after copyright infringers using the data gathered by Internet companies, they noted.
The legislation wouldn't force companies to share threat data with the government; any sharing of information would be voluntary. "We shouldn't have to rely on the promises of companies," not to share data with the government, Reitman said.
"The major concern we have with CISPA is the fact that it is much too broad," said Kendall Burman, senior national security fellow at the CDT.
"It defines the information that private companies can share with the government in an almost unlimited way," Burman said. The information collection and sharing permitted under CISPA would do more to enable surveillance than serve any cybersecurity purpose, she added.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts