CISA, a privacy-invasive "cybersecurity" surveillance bill is back in Congress. We're the privacy activists trying to stop it. AMA
The Senate may try to pass the Cybersecurity Information Sharing Act (CISA) before its summer recess. The zombie bill is a dangerous surveillance bill drafted by the Senate Intelligence Committee that is nearly-identical to CISPA due to its broad immunity clauses for companies, vague definitions, and aggressive spying powers.
Can you help us stop it? AMA
Answering questions today are: JaycoxEFF, nadia_k, drewaccess, NathanDavidWhite, neema_aclu, fightforthefuture, evanfftf, and astepanovich.
Proof it's us: EFF, Access, ACLU, Fight for the Future
You can read about why the bill is dangerous here. You can also find out more in this detailed chart (.pdf) comparing CISA to other bad cybersecurity bills.
Read the actual bill text here.
Visit the Stop Cyber Spying coalition website where you can fax your Senators and tell them to vote no on CISA.
Use a new tool developed by Fight for the Future to fax your lawmakers from the Internet. We want to make sure they get the message.
Help us spread the word. After you’ve taken action, tweet out why CISA must be stopped with the hashtag #StopCISA. Use the hashtag #FaxBigBrother if you want to automatically send a fax to your Senator opposing CISA. If you have a blog, join us by publishing a blog post this week about why you oppose CISA, and help us spread the word about the action tools at https://stopcyberspying.com/.
For detailed analysis you can check out this blog post and this chart.
Edit 1: to add links.
Edit 2: Responding to the popular question: "Why does CISA keep returning?"
Especially with ever worse data breaches and cybersecurity problems, members of Congress are feeling pressure to take some action to help in the area. They want to be able to say they did something for cybersecurity, but lobbyists and the intelligence community are pushing bad bills like CISA. Surveillance defenders like Sen. Richard Burr are also using every procedural tool available to them to help move these bills quickly (like holding meetings to discuss the bill in secret). They'll keep doing it until we win overwhelmingly and make the bill toxic for good, like we did with SOPA. That's why it's important that everyone takes action and ownership of this fight. We know it's easy to feel frustrated, but it's incredibly important for people to know how much their calls, emails...and faxes in this case, really matter. Congress wants to focus on things people are paying attention to. It's our job to make sure they know people are paying attention to CISA. We couldn't do it without all of you.
Edit 3: The east coast organizations have signed off for the day, but will be checking in every now and then to answer questions. Nadia and I will continue through 6pm PT. Afterwards, all of us will be checking this post over the next few days trying to answer any remaining questions. Thanks for all the support!
It's Congress job to represent the American public, and in order to do that they need to hear from us. They hear from corporate lobbyists ALL THE TIME who drop by their offices, have their personal cell phones etc. The tools we at FFTF build are designed to give the general public that same level of access to Congress.
So yeah, i guess i'd have to say #SorryNotSorry :-)
I'll let others answer the first part of the question. Thanks for asking!
They've heard from us a number of times at this point. It's fairly apparent they don't care what we think. They're going to pass this bill eventually. They're just waiting until enough people aren't paying attention.
Clearly, as a nation, we cannot continue to babysit congress indefinitely on every issue. Your argument is that, that's what we must do to be represented? Then we should do away with congress. It serves nopurpose.
They don't represent us. They just want people to think they do.
Members who've been on the issue before have certainly heard from you, but every session is different since a good chuck of lawmakers leave or lose elections.
Democracy requires vigilance and accountability. Following the issues and making sure your voice is heard--even if you have to raise your voice once a year--is incredibly important.
It seems like a lot of policy problems concerning the Internet are due to the fact that our policy makers are not sufficiently knowledgeable about technology/how things work. What do you think can be done, perhaps by citizens, perhaps by the political system itself, to help change that? Are there better alternatives to simply calling representatives and asking them to read up?
(Off topic question): what can anyone do to get involved in the EFF community?
And as a follow-up: if any of you went to college for CS, what were your favorite classes and why?
Some people have started floating the idea of recreating the Office of Technology Assessment. EFF aims to provide some education, but there's always more to be done since there are over 500 members of Congress. An important thing constituents can do is attend their representatives' town hall meetings and visit their offices. Members of Congress and their staffers are genuinely interested in hearing from their constituents; especially if they have specific subject-matter expertise.
There are a lot of ways to get involved in the EFF community. From visiting Techno Activism Third Mondays to volunteering to visiting your local hackerspace like Noisebridge or Sudo Room.
Didn't major in CS, but my favorite CS-related course is cryptography b/c of the math theory involved.
Electronic surveillance activism staggers because it often fails to relate to the public in a visceral way. How can coalitions like this one connect with people on an less wonky and more immediate level?
I think that's a good, and hard, question. We try to do that by providing every day examples users can relate to. Sometimes they are spot-on, others fall flat. Maybe we can also do this by taking a cue from John Oliver?
Oh, hey, I was actually about to email the general EFF conact email about what's going on with this bill since I had been seeing conflicting info on where it was at in the legislative process. So we need to contact our senators then?
Anyways, my main question is this: We've seen time and time again that when pieces of legislature about privacy and copyright fail to take off, things go quiet for a few years before more or less the same thing tries to go through with a new name: We've seen this with COICA, ACTA, PIPA, SOPA, and now the TPP and TTIP. We see this here with CISPA and CISA. If the focus is merely to try to raise awareness about each of these things as they come up, then, that's going to be infinite battle and one that is bound to be lost eventually.
What can be done to prevent that from ocuring in the first place, so that these same sort of things can't just be re-proposed once they fail, if anything? The TPA passing only made this issue worse (in regards to trade agreements, at least), so i'm worried the answer is "Not much".
For CISPA and CISA I think the answer is education. Education. And more Education. This includes every day Congressional staffers all the way up to the lawmakers themselves. The overarching point we try to make is that these bills don't actually address many of the problems we've seen in recent hacks or data breaches. I think a second a answer to your question involves more resources; in all senses of the term. The more people there are to explain why these bills are bad, the better.
When bills like this fail to pass, why do people continue to try and push them through? Will they keep doing it until it passes?
An important factor with CISPA and CISA in particular is that they are drafted by the intelligence committees in both the Senate and House. The intelligence committees do not seem to be backing down and that's why we have to have a powerful showing stopping these bills every single time.
Another issue deals with timing. The leaders on the Senate Intelligence Committee have introduced the bill and quickly forwarded it to the Senate floor. One reason the intelligence committees can quickly forward a bill is because they often mark it up in secret, behind closed doors, with little public participation. The faster a committee moves its bill, the higher chance there is the Senate will consider it.
How many names has this bill gone through now, and what are all the names they've tried to use to pass this bill?
Cybersecurity Information Sharing and Protection Act 112th, 113th, and 114th Congress (2011 to 2015)
Cybersecurity Information Sharing Act 113th and 114th Congress (2013-2015)
These bills go back to the 111th Congress (2009-2010) to the Cybersecurity Act of 2010.
How can i find out if my congressman has voted on it?
In addition to Drew's list you can look at past votes on: CISA 2013, CISPA 2013, and CISPA 2012.
Do we know who actually wrote this toxic mess of a bill?
The very original language probably goes back to the Senate and House Intelligence Committees around 2010, maybe earlier. We can thank Senator Richard Burr and Senator Dianne Feinstein for the 2014 version of CISA.
What will life be like after they finally get this bill through on the 23-27th time ?
Hopefully it doesn't come to that, but it opens up a good pitch for making sure you donate to groups like EFF. We're member-supported and rely on the donations to keep the lights on.
edited to add this answer on educating lawmakers: When it comes to the 23 or 27th time, I hope we're in the opposite predicament: too many members are proposing good bills around computer security.
If you were stranded on a island with a mermaid would you rather top half human and bottom half fish or top half fish and bottom half human?
Wouldn't the mermaid just swim off the island? JM Barrie taught me that they're only nice to people named Peter Pan.
I can't say I'm well versed with the subject, but judging from what I've seen on the news, What makes you think the failing of these bills will stop the government from invading our privacy?
One bill won't stop that. It takes a long, calculated, systematic approach from a wide variety of organizations that include ACLU, EFF, FFTF, and Access. CISA is only one bill, but stopping it will send a powerful message that the slice of privacy it aims to give to the government is unacceptable to users.
Why do you bother, knowing some secret court will pass this if the Senate doesn't?
While the Foreign Intelligence Surveillance Court can interpret the law, an issue Senator Wyden has brought to the forefront is a secret legal opinion written by the Department of Justice in 2003 relating to CISA and other cybersecurity bills. That secret interpretation of law should be made public.
Hi, EFF, FFTF, Access, ACLU and others! First of all, thank you for hosting this AMA and for doing the work you do. You are doing a great service for the good of the Internet.
The government has previously tried to introduce controversial bills like CIPSA and have been overturned. Given all the previous attempts, what do you think needs to happen for the government to realize that CISPA, CISA et al. simply are terrible ideas, and abandon their underlying concepts altogether? Will this ever happen?
Also, to FFTF: Do you ever feel bad for the massive amount of faxes, phone calls and e-mails you send to Congress?
View HistoryShare Link