A group of 19 civil liberties organizations from across the political spectrum this morning issued a letter to the White House and Congress urging lawmakers to oppose the final “conferenced” version of a dangerous cyber bill that experts say will dramatically expand government surveillance while failing to make us safer from cyber attacks.
“The final version of this bill is an insult to the public and puts all of us in greater danger of cyber attacks and government surveillance,” said Evan Greer, campaign director of Fight for the Future, who organized the letter, “This was already a fundamentally flawed piece of legislation, and now even the meager privacy protections it provided have been gutted, exposing it for what it really is: a bill to dramatically expand abusive government spying.”
The text of the letter is copied below. Signers include prominent civil liberties groups ranging from the American Library Association, Fight for the Future, Demand Progress, and Free Press Education Fund to FreedomWorks, Campaign for Liberty, and R-Street.
December 9, 2015
Dear President Barack Obama and Members of Congress,
The undersigned organizations urge you to oppose the newly negotiated “conference” legislation that purports to resolve differences between H.R. 1560, which includes both the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act of 2015 (NCPAA), and the Cybersecurity Information Sharing Act of 2015 (CISA, S. 754). The current version of these bills is the result of secret negotiations between the House and Senate intelligence committees at the expense of critical expert input from the House Committee on Homeland Security, and it loses any advantages and improvements in the Homeland Security Committee’s own cybersecurity bill, the NCPAA.
Many organizations and companies† opposed CISA in its earlier form because they believed it would damage Americans’ privacy without improving security. Civil liberties organizations’ concerns are well known. Companies share many of the same concerns. But companies also work hard to earn users’ trust when it comes to privacy. Without that trust, business suffers. Instead of addressing these concerns with the existing bills, the current proposal would build a government regime that makes it impossible for companies to guarantee the protection of customers’ civil liberties and privacy, while also failing to meaningfully improve cybersecurity.
Specifically, the text just negotiated is publicly reported to include the following gravely flawed changes to the passed bills. These changes would render it an unacceptably compromised piece of legislation that will be both unhelpful for cybersecurity and dangerous to Americans’ civil liberties. Specifically, It threatens to:
-Create a loophole that would allow the President to remove the Department of Homeland Security, a civilian agency, as the lead government entity managing information sharing;
-Reduce privacy protections for Americans’ personal information;
-Overexpand the term “cyber threat" to facilitate the prosecution of crimes unrelated to cybersecurity;
-Expand already broad liability protection for information disclosure;
-Preempt state, local or tribal disclosure laws on any cyberthreat information shared by or with a State, tribal, or local government; and
-Eliminate a directive to ensure data integrity.
Moreover, these modifications worsen bills that already contained fundamental flaws. These bills, in particular CISA, would already:
-Dramatically expand the amount of sensitive information held by government agencies with dismal records on data security;
-Undermine civilian agency leadership of cybersecurity efforts;
-Institute blind, automatic transfer of personal information to intelligence agencies, including the National Security Agency, that would be authorized to use the information for non-cybersecurity purposes;
-Allow private entities to transfer irrelevant and sensitive personally identifiable information to the government without accountability;
-Allow companies and other entities to use “defensive measures” to protect “information systems,” which could unintentionally harm systems and computers of innocent parties; and
-Provide unnecessarily expansive liability protections to companies, thereby undermining customer trust and limiting judicial remedies for those whose rights are violated.
Because it fails to resolve these weaknesses originally present within the three bills and makes new and alarming changes to them, we strongly object to the intelligence committee’s latest iteration of “cybersecurity” legislation and the undemocratic process that produced it.
Please join us in rejecting these new, troubling flaws and insisting that any version of cybersecurity legislation brought to the floor of either chamber draws heavily upon NCPAA and the expertise and extensive input of the House Committee on Homeland Security.
Advocacy for Principled Action in Government Amicus American Library Association Bill of Rights Defense Committee Campaign for Liberty Constitutional Alliance Defending Dissent Foundation Demand Progress DownsizeDC.org, Inc. Fight for the Future Free Press Action Fund FreedomWorks Media Alliance Niskanen Center OpenMedia OpenTheGovernment.org Our America Initiative Restore the Fourth R-Street Institute X-Lab
Internet users are furious about media reports indicating that Speaker of the House Paul Ryan is manipulating Congressional process in an attempt to force a rushed vote on the final version of a controversial cyber-surveillance bill this week – and that the final language is even more draconian than expected, with the last vestiges of privacy protections stripped out.
Fight for the Future and other groups from across the political spectrum have been mobilizing Internet users to speak out about Ryan’s backroom dealing, demanding transparency in the process. Fight for the Future members alone have generated more than 50,000 tweetsover the weekend focused on Ryan, and also calling for House Homeland Security Chair Michael McCaul––a key player in the negotiations––to stand up to leadership.
“This is Congress at its worst,” said Evan Greer, campaign director of Fight for the Future, “Not only are they ignoring widespread public outcry and consensus from security experts that this bill will make us even more vulnerable to cyber attacks, they’re using a sneaky non-transparent process to force a rushed vote and keep the public, and even members of Congress, in the dark about what they’re really voting on.”
“Paul Ryan seems to care very little for his party’s concerns as he rushes a vote on a bill that would turn corporations into government spies,” added Tiffiniy Cheng, co-founder of Fight for the Future.
People close to the negotiations indicate that the final text is more than 100 pages long. It’s hard to imagine how members of Congress can be expected to meaningfully review the language, or get input from experts, if leadership succeeds in pushing through a vote this week.
Digital rights group Fight for the Future has been at the forefront of opposition to CISA. Earlier this year they lead a series of high profile campaigns, sparking a backlash that resulted in major tech companies like Apple, Google, Twitter, Dropbox, Yahoo, Wikipedia, Yelp, and Salesforce coming out in opposition to the bill. They have also mobilized more than 15,000 websites for an online protest, and generated more than 6 million faxes to the Senate, along with hundreds of thousands of emails and phone calls.
Other groups from across the political spectrum have opposed the bill, along with security experts. Below is a list of recent blog posts from groups opposing Paul Ryan’s attempt to rush CISA to a vote this week.
Regardless of what happens with the cyber bill negotiations, any final bill will of course have to be signed by President Obama, who had previously promised to veto similar legislation without robust privacy protections. Fight for the Future and other groups will be demanding that Obama stand by his previous commitment, and calling for a veto on any bill that does not meet the White House’s previous standards.
Fight for the Future is a grassroots advocacy group with more than 1.4 million members that fights to protect the Internet as a powerful platform for freedom of expression and social change. They’re best known for organizing the massive online protests against SOPA, for net neutrality, and against government surveillance. Learn more at https://www.fightforthefuture.organd https://www.twitter.com/fightfortheftr
Hey, we just got word that pro-surveillance forces in the House of Representatives are pushing hard for a backroom deal that would force a rushed vote on a final version of CISA, the Cybersecurity Information Sharing Act, this week.
Here’s the worst part: the final version of the bill appears even more draconian than expected, with the last vestiges of privacy protections stripped out. 
The final language is somewhat of a “Frankenstein” bill that combines the worst aspects of several cyber bills that Congress has been considering. It’s more than 100 pages long, but Paul Ryan, the new Speaker of the House, is trying to steamroll dissenting voices and ram through a vote before anyone has even had time to read the whole thing.
Remember the PATRIOT Act? This could be even worse. But it’s also a risky play – if enough members of Congress get upset about this abusive manipulation of Congressional process, CISA could implode.
Not on twitter? Call his office at: (202) 225-3031
Things are moving extremely quickly, so timing is everything. There’s no time for emails or petitions to Congress to get through right now, but we’ve been hearing more and more from staffers on Capitol Hill that they *really* notice when they get a lot of tweets about an issue.
Sometimes even just a few dozen tweets can be enough to affect a Representative’s vote.
We need to make sure that Paul Ryan gets the message that CISA is politically toxic. That’s the only way to slow it down.
But to help make that happen, we also need to get some of the members of the “Freedom Caucus,” who ostensibly oppose overly broad government surveillance, to speak up and oppose Ryan’s dirty dealing.
And if you’ve got two minutes, please go down the list below and tweet at these other key members of the House who can help stop CISA from barreling through without any meaningful review of the final text.
Did you make it through the whole list? You’re a true Internet hero.
Thanks for all that you do. We’ll keep you posted as things develop.
-Jeff at FFTF
P.S. To understand one of the less-discussed dangers of CISA, check out this CNN article about how corporations and the government collude to hide major hacks. CISA would give more companies legal immunity and cover for this type of abuse.
If you’re already buying gifts for friends and family, you can support us through many of your online purchases. Are you an Amazon shopper? Bookmark this link for your Amazon purchases and you will support our work at no cost to you. Shop for games and books at Humble Bundle? Bookmark thislink for their store or search for us in the list of groups at checkout. They donate a portion of their profits to groups like ours. Are you a seller on eBay?Click hereto donate a portion of your sale. Looking for ways to protect your privacy? If you buy a VPN from Private Internet Access here, they will donate a portion of their sales to us. Are you in need of great gifts or just looking for some cool merch? Visit ourstoreto find cat lights, Snowden t-shirts and more.
Hoorah! Thanks in advance for doing everything you can to fight for an open Internet!
I wish we didn’t have to write this. I wish we could take this week to reflect and grieve. But some politicians are wasting no time exploiting tragedy and manipulating our emotions to push their political agendas. To remain silent right now would be irresponsible.
The attacks in Paris and Beirut have all of us looking for answers. What can we do to stop this violence?
But while people around the world are grappling with that question, U.S. government official are instead seizing the opportunity to renew their attacks on our most basic freedoms, even though they know it won’t make us safer from attacks.
Specifically, government officials in the U.S. and Europe are pushing to ban strong encryption technology. They want every type of Internet security to have a “backdoor” so that governments can access literally everything. Here’s the problem: weakening encryption will actually make us all less safe. Even if you trust governments to never abuse this system and only use it in the most extreme circumstances, once a backdoor exists, it can be used by anyone who can find it, including criminals, other governments, and yes, even terrorists.
Fortunately, we’ve done a mountain of work over the last year educating the public and fighting this kind of misinformation, so more people than ever before know what’s really going on.. Security experts agree that putting backdoors in encryption technology and letting the government collect even more of our personal information won’t prevent attacks like the ones we saw last week.
The battle lines are being drawn, but some powerful voices have been listening and are weighing in on the side of freedom and logic. The influential New York Times editorial board just came out swinging with the headline: “Mass surveillance is not the answer to fighting terrorism.”
The details from Paris and Beirut are still emerging. The latest evidence suggests that the attackers were using totally unencrypted SMS messages. The facts haven’t stopped politicians and pundits from demonizing encryption, but the reality is that it’s still not clear exactly how this happened, or how it could have been prevented.
But what is clear is that now is not the time to make hasty decisions and rush to pass laws we’ve barely read. That path has failed us. Now is the time for informed, thoughtful, discussion about the causes of this violence and the real solutions to address it.
Weakening the encryption that protects our hospitals, power plants, airports, and personal information isn’t going to make us safer.
Collecting a giant haystack of data about hundreds of millions of innocent people is not going to stop the next attack.
We need real answers and solutions, not politicians scrambling spin this terrible situation to grab more power.
These decisions about encryption and mass surveillance will determine the type of world our children and our children’s children will live in. We shouldn’t let them be made for us by opportunistic politicians or violent attackers.
Yours for freedom and a better world, -Fight for the Future