Today I had a good conversation with Jennifer Warren, a legislative aide in your Washington office. I tried to explain my opposition to the Cyber Intelligence Sharing and Protection Act (CISPA) but I was not able to give the best facts to address my concerns over the phone. She invited me to send an email with a more articulate response (my words, not Jennifer’s).
The basis for my opposition is this: the definitions in the bill are much too vague and open our personal information to sharing with anyone. If I use a file share service to send a movie of my children to their grandparents, the sharing of the movie would be suspicious. The movie could appear to be the intellectual property of someone else, so a self-protected entity could choose to share that information with anyone: Dropbox with Google, Google with Bank of America, BOA with Warner Brothers, Warner Brothers with DHS. There is no requirement in the bill to strip out personally identifiable information.
“SELF-PROTECTED ENTITIES.—Not withstanding any other provision of law, a self-protected entity may, for cybersecurity purposes
(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and
(ii) share such cyber threat information with any other entity, including the Federal Government.”
Additionally, if my information is shared with anyone, there is no requirement to notify me and there is no liability for anyone if they claim “good faith”.
“EXEMPTION FROM LIABILITY.—No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self- protected entity, or cybersecurity provider, acting in good faith”
The Electronic Frontier Foundation and the Center for Democracy & Technology have more details and reasons why this bill is a bad idea.
I strongly urge that you vote against this poorly written legislation. Information from the intelligence services can be shared with industry in a way that does not trample your privacy and mine.
Congresswoman Roby already voted for indefinite detention and denial of the writ of habeas corpus with her vote to pass the 2012 NDAA. (Her vote for the final bill is shown here) I entreat Congresswoman Roby to do all she can to oppose CISPA.
UPDATE: H.R. 3523: Cyber Intelligence Sharing and Protection Act was passed yesterday by the house. Martha Roby voted FOR the bill. (Voting record here) Voters will remember come election time in November.