Technologists oppose CISA/information sharing bills

Today we sent a letter to lawmakers expressing security experts' opposition to the Cybersecurity Information Sharing Act (CISA) as well as two other pending bills that purport to be about security information sharing, the Protecting Cyber Networks Act (PCNA), and the National Cybersecurity Protection Advancement Act of 2015. These experts agree that the information sharing bills unnecessarily waive privacy rights because they focus on sharing information beyond that needed for cybersecurity. The letter seeks to educate law makers about the kind of information that experts need to secure systems, and that, because it generally does not contain private data, privacy law is not a serious obstacle to sharing. The letter includes an example threat signature to illustrate that point. We can share cybersecurity information without waiving privacy law. Otherwise, what Congress will be doing is weakening privacy law and increasing government surveillance at time when the public agrees that stronger privacy and civil liberties protections are needed. 

The letter is attached. 

Comments

I'm a journalist, cybercrime reporter, public speaker, and author ("The Smart Girl's Guide to Privacy"). I have presented a Google Tech Talk on privacy, and my cybercrime reporting has been referenced in court by the FBI. I urge the opposition of CISA and the two information sharing bills on the table (PCNA, NCPAA), which pose great, irreversible harm to populations who are most at-risk for privacy violations which would reasonably be facilitated by the passing of each of these Acts.

How exactly do any of these bills "waive privacy rights?" The letter doesn't explain and since you don't reference any legislative language that is just an assertion, not a statement of fact. In reality, all of these bills have extensive privacy protections in place and require both private entities and the government to scrub personal information.

Information sharing bills drafted without meaningful input from the technical community will generally fall in two categories: feeble, or overly broad. Overly-broad bills can do more damage than good.

Privacy is an essential component of online activity

Please do not pass this bill.

Add new comment