As Controversial Cybersecurity Legislation Moves Through House, Activists Make a Quiet Start
BY Sarah Lai Stirland | Wednesday, April 18 2012
An Internet-wide protest campaign launched Monday against a controversial piece of cybersecurity legislation got off to a relatively quiet start this week.
The campaign against the Cybersecurity Information Sharing Act, H.R. 3523, was organized by many of the same activist groups that helped coordinate massive protests against the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA) in January. But with many tech companies and platform providers in support of the legislation, groups who were key allies for activists then — when sites like Wikipedia, the Cheezburger Network, Reddit and others blacked out their sites in protest — have not become vocal.
This legislation, unlike SOPA, would not oblige Internet infrastructure providers to monitor and reroute traffic. When a draft bill was released last week with all references to intellectual property removed from the text, a key member of the new Internet lobby, Engine Advocacy, withdrew its opposition. On Monday, Intel said in a blog post that it was encouraged by the changes. But the groups who still oppose the bill — including the Electronic Frontier Foundation, American Civil Liberties Union and others — say CISPA still uses broad language to allow unprecedented disclosure of personal information online.
The information-sharing provisions of CISPA are voluntary. In addition, the legislation protects companies from lawsuits from consumers for sharing their cybersecurity-related information with the federal government or each other.
"From what I've seen, the corporations are certainly in a different place," said Michelle Richardson, legislative counsel at the American Civil Liberties Union, which is part of the coalition that still opposes CISPA in its current incarnation. "Under this, they're not going to be forced by anyone to do anything -- to take anything down," she said.
She added: "The big downside here is for consumers and the people's information that is going to be shared with the government."
A search using Topsy Labs' indexing tool shows that a Twitter protest campaign launched Monday by a wide coalition of digital rights and civil liberties groups garnered just under eight thousand tweets around the hashtag #CISPA over the week-end before the campaign even started, and then tapered down to almost 6,500 mentions on Sunday. Topsy also shows the same pattern for the hashtag #CongressTMI, which was mentioned just over 3,200 times on Saturday and then more than 2,800 times on Sunday, the latest date for which the information was available.
Though dozens of technology companies and associations representing the business community have signed letters of support for the legislation, there's also a big group of open government groups, digital rights groups and even a political action committee focused on Internet freedom, the testPAC, that oppose CISPA.
The groups unveiled their Twitter campaign on Monday, and it involves writing editorials, educating the public on their perspective about the legislation and getting Internet users to tweet around the hashtags #CongressTMI and #CISPA. The #CongressTMI hashtag is meant to illustrate all the personal, irrelevant information that the groups charge that agencies such as the National Security Agency would have access to if CISPA became law (see the graphic above.)
Groups participating in the campaign include the the Electronic Frontier Foundation, Avaaz.org, Free Press, the Center for Democracy and Technology, the American Civil Liberties Union, Reverse Robocall, the Sunlight Foundation, Demand Progress andFight for The Future, Reporters Without Borders, among others.
The ACLU's Richardson says that the groups don't oppose the legislation per se. However, the recent changes provided by the staffers on the House Permanent Select Committee on Intelligence just don't go far enough, she said.
"This isn't some crazy liberal proposal," she said about the changes that the ACLU and other groups are pressing for. Language in both a Senate cybersecurity proposal from Sens. Joe Lieberman (I-Conn) and Diane Feinstein (D-Calif) and the Obama administration require more accountability from the private sector and precision about what can be shared, she noted.
Rep. Dan Lungren, (R-Calif.)'s bill H.R. 3674, is more acceptable than CISPA because "it would only permit sharing of information 'necessary' to describe a cybersecurity threat and would obligate companies to make reasonable efforts to strip out personally identifiable information," according to Richardson.
The intelligence committee's response to the minimization of personally-identifiable information is that it would represent an "unfunded mandate" on the private sector, and would discourage the sharing of potential threat information with the relevant government agencies.
"The executive branch may, of course, still develop reasonable procedures to protect any such information voluntarily shared with the government," according to a Monday memo sent out to reporters.
Fight for the Future, one of the activist groups that helped to spread the anti SOPA/PIPA message earlier this year, has built a simple tool that automates the process of finding congressional representatives on Twitter, and sending them a sarcastic #CongressTMI tweet. Though the response to the campaign hasn't exploded, Tiffiniy Cheng, its director, is optimistic that it can gain momentum and change companies' positions, as it did with the domain name management company GoDaddy in the SOPA fight.
"What's similar to the SOPA/PIPA fight is that people aren't just reading about the legislation -- they're becoming active," Cheng said. "We're opening up a dialogue with Congress. There was a beginning in the SOPA dialogue, and this is the beginning of the CISPA dialogue."