Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

Activists Plan Protests Against House Internet Surveillance Bill "CISPA"

BY Sarah Lai Stirland | Wednesday, April 11 2012

Image: Shutterstock/Arena Creative

Many of the same organizations that planned the Internet-wide protests that killed the Stop Online Piracy Act are gearing up to launch another high profile demonstration against a controversial piece of cybersecurity legislation that is speeding towards the House floor.

"The bill uses very broad language that is capable of many interpretations, and now people are starting to focus on what those interpretations might mean, and they're looking down the road at how companies and the government might interpret this very broad language, and they're finding problems," says Greg Nojeim, senior counsel at the Center for Democracy & Technology and the director of its Project on Freedom, Security & Technology. "If the sponsors of the bill believe these are not problems, it's incumbent on them to clarify that these are not problems to preclude these interpretations. So far, that hasn't happened."

CDT is part of a group of organizations including the American Civil Liberties Union, Demand Progress, and the Electronic Frontier Foundation, which are going to launch a week-long campaign to persuade netizens to contact their members of Congress over their concerns about the legislation, which they say expands domestic Internet surveillance to unprecedented levels.

The legislation is H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA), which the Electronic Frontier Foundation has characterized as "a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats."

To be clear, the legislation doesn't involve any blacklisting, or domain name blocking, but works to immunize the private sector from any legal liabilities for sharing potential network threat information with each other and the government. Because the legislation's authors are concerned about economic espionage by foreign actors such as China, the language defining threats includes theft of intellectual property. That's one component that's alarmed many Internet users as well as activists, who worry that that might ensnare the activities of file-sharers.

Another concern is that the legislation doesn't place enough limits on what the shared information can be used for, and the extent of the sharing within the government community.

Nojeim, for example, says that the legislation should specify that the information that private companies share about threats to their networks shouldn't be siphoned off to the National Security Agency to be used for national security purposes.

"The NSA shouldn't be allowed to use this information about who communicated with whom to decide who to wiretap," he says, which would be one way the law as written could be interpreted. "We don’t need the information used for cyber to be dumped into the massive NSA database for these other purposes."

Nojeim says a competing House bill, H.R. 3674, sponsored by California Republican Dan Lungren, makes more sense because the legislation is much more specific as to what constitutes a cyber threat, who the information can be shared with, and how the information can be used.

Yet CISPA has broad support. It boasts a bipartisan co-sponsorship list of 105 House members and 28 letters of support from private industry. The list includes industry trade groups like the U.S. Chamber of Commerce, US Telecom, The Broadband Association, CTIA -- The Wireless Association, Business Roundtable, The Financial Services Roundtable, the Information Technology Industry Council, and the Internet Security Alliance. Prominent technology companies that have written letters supporting the legislation include Facebook, Intel, Microsoft and IBM. AT&T and Verizon also support the legislation.

Conspicuously absent from the list however, is Google. An e-mail sent to the company's press department was unanswered. Rainey Reitman, leader of the EFF's activism team, declined to say whether Google was one of the companies that would be involved in the protests against CISPA next week. She said that the EFF is in the process of trying to get a number of companies to sign on to support their campaign.

"I think this will be an interesting issue -- Internet companies were happy to come out to protest legislation that could not only impact the future of the internet, but it could also impact their bottom lines," she says. "Nonetheless, I think there are still a lot of companies out there that in the wake of the SOPA debate who now have a more nuanced understanding of why we need to protect civil liberties in general."

Though she declined to give more specifics, the intent of the campaign is to get people to call their members of congress about the legislation the week before Congress embarks on its own self-designated "cybersecurity week," when CISPA is scheduled to be voted on on the House floor on Monday April 23.

And she said the campaign is going to involve elements of the "Tell Vic Everything," campaign that was launched on Twitter in Canada in February, where citizens used the hashtag #TellVicEverything to flood the microblogging service with useless minutia of their lives.

"The way this campaign worked was folks would Tweet everything about their daily lives to showcase just how much data would be sucked up under the mantle of fending off terrorists threats, and most of the data was useless," Reitman says. "Our campaign isn’t like that, but it was a little bit inspired by that effective campaign in Canada."

Members of Anonymous have already started attacking some of the web sites of the associations that have expressed support for CISPA, and members of Reddit have talked about boycotting Facebook.

As if fearing a SOPA backlash, the two sponsors of the legislation, the majority and minority leaders of the House Permanent Committee on Intelligence convened a conference call with reporters on Tuesday morning to sell CISPA, and to dispel any notions that it has any resemblance to SOPA.

They said that their legislation is aimed at thwarting hackers and malicious code unleashed by "nation state actors" like China and Russia. Committee Chairman Mike Rogers, (R-Mich.) and ranking member Dutch Ruppersberger, a Democrat from Maryland, emphasized on the conference call Tuesday that the legislation was meant to stop the theft of U.S. companies' business information from their networks, as well as help the private sector combat online crime and hackers by giving them access to classified threat information currently held by the U.S. government.

Rogers and Ruppersberger told reporters on Tuesday that they'd spent a year consulting with various groups, including the American Civil Liberties Union and CDT on the legislation. Nojeim says they were consulted, but ignored. Nothing in the language of the legislation changed even after numerous consultations. There wasn't even a hearing to air concerns about the legislation.

"This is a bill that was introduced one day, marked up the next, and marked up secretly," Nojeim said in an interview. "Only now is it getting scrutiny, as it heads towards the floor for a vote."

Asked about the broad language on the conference call, Ruppersberger said:

"We continue to work with various groups to see if the definition can be more narrowly tailored, but it is important that any definitions be flexible enough to deal with rapidly changing technologies, and the various adaptive techniques used by any nation state hackers."

The legislators are also trying to sell the legislation on their social networks, but some members of the networks weren't buying.

A Tuesday Facebook post about the conference call attracted critical comments from readers. On Wednesday, that post was then nowhere to be found.

Twenty-seven people "liked" the post, but several readers also reacted negatively.

Scott Swanson was one of the more polite commenters.

"So not only are you trying legally thwart public discontent with government censorship on the internet, you are allowing corporations to directly profile individuals and groups as they see fit and report that activity to the government. Who do you work for, exactly?" he wrote.

This post has been updated. The story incorrectly reported that a Facebook post had been removed, when it had just moved.

News Briefs

RSS Feed wednesday >

In Mexico, A Wiki Makes Corporate Secrets Public

Earlier this year the Latin American NGO Poder launched Quién Es Quién Wiki (Who's Who Wiki), a corporate transparency project more than two years in the making. The hope is that the platform will be the foundation for a citizen-led movement demanding transparency and accountability from businesses in Mexico. Data from Quién Es Quién Wiki is already helping community activists mobilize against foreign companies preparing to mine the mountains of the Sierra Norte de Puebla.


thursday >

NY Study Shows How Freedom of Information Can Inform Open Data

On New York State's open data portal, the New York Department of Environmental Conservation has around 40 data resources of varying sizes, such as maps of lakes and ponds and rivers, bird conservation areas and hiking trails. But those datasets do not include several data resources that are most sought after by many New York businesses, a new study from advocacy group Reinvent Albany has found. Welcome to a little-discussed corner of so-called "open government"--while agencies often pay lip service to the cause, the data they actually release is sometimes nowhere close to what is most wanted. GO

Responding to Ferguson, Activists Organize #NMOS14 Vigils Across America In Just 4 Days

This evening peaceful crowds will gather at more than 90 locations around the country to honor the victims of police brutality, most recently the unarmed black teenager, Michael Brown, who was shot and killed by a police officer in Ferguson, Missouri, on Saturday. A moment of silence will begin at 20 minutes past 7 p.m. (EST). The vigils are being organized almost entirely online by the writer and activist Feminista Jones (@FeministaJones), with help from others from around the country who have volunteered to coordinate a vigil in their communities. Organizing such a large event in only a few days is a challenge, but in addition to ironing out basic logistics, the National Moment of Silence (#NMOS14) organizers have had to deal with co-optation, misrepresentation, and Google Docs and Facebook pages that are, apparently, buckling under traffic.