IT Professionals and Security Experts Stand Against CISPA

When the Internet last saw legislation it didn’t like, the response was heard loud and clear. Major websites, like Facebook and Google, openly protested the Stop Online Piracy Act (SOPA) legislation, which, they argued, threatened the future of the Internet.

Now, some technologists are saying we’re in for a sequel with the Cyber Intelligence Sharing and Protection Act (CISPA). This bill lets Internet service providers (ISPs) turn over network data and information to vendors and government agencies as part of a cybersecurity program to collaborate more effectively. But, say opponents, the legislation is a Trojan horse that will grant ISPs and the government broad and unchecked powers that threaten user privacy rights.

This time, unlike SOPA, Facebook is actually ok with many portions of CISPA. But that doesn’t mean the rest of the Internet is joining the social network in agreement.

Information security blog ThreatPost reports on the opposition letter sent to Congress by a group of IT security experts and professionals. In the letter, the opposition doesn’t argue with the intent of the legislation, but with the language, which they describe as vague and overly broad.

The technologists, researchers and academics who signed the letter sent to congressmen this week said that the promise of better network security in return for this kind of data sharing is not a valid one.

"As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties," they write in the letter.

CISPA, introduced last fall by Rep. Michael Rogers (R-MI), is designed, in part, to allow intelligence agencies to share information about ongoing threats and attacks, not just among themselves but also with appropriate private-sector companies. Critics worry that the bill would eliminate some of the existing protections against warrantless wiretapping and electronic eavesdropping and would not give users any knowledge of or recourse against the sharing of their private communications.

The balance between maximizing network, data and endpoint security and respecting user privacy is a difficult one to get right. The White House has already threatened to veto CISPA in its current form, while a formal vote on the bill is expected this Friday.