In a letter (pdf) to members of the House of Representatives, 36 groups (including the American Civil Liberties Union, American Library Association, Center for National Security Studies, Electronic Frontier Foundation, Government Accountability Project, and the Republican Liberty Caucus) urged them to vote “No” to H.R. 3523, the “Cyber Intelligence Sharing and Protection Act of 2011 (CISPA).” The legislation is scheduled for consideration on the House floor next week. The groups wrote:
CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s ‘information sharing’ regime allows the transfer of vast amounts of data, including sensitive information like internet use history or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command.
Once in government hands, this information can be used for any non-regulatory purpose so long as one significant purpose is for cybersecurity or to protect national security. These are not meaningful use restrictions: “national security” use is one of the problems, and the White House recognized this immense problem by precluding such use in its own cybersecurity proposal. While the bill requires the Director of National Intelligence Inspector General to issue annual reports on the government’s use of information shared with it under the bill, such reports would only be provided to congressional intelligence committees, and IG reports are no substitute for meaningful use restrictions and they will do nothing to dissuade companies from misusing personal information shared under this broad new program.
We believe these broad new authorities will needlessly impinge on Americans’ privacy and urge you to vote ‘no’ on CISPA. Several other bills in the 112th Congress proposed by members on both sides of the aisle and in both houses contain protections that could easily be incorporated into CISPA to protect privacy.