Oh look. It’s that CISA surveillance bill again. Didn’t we defeat that? Not yet. One last chance (for real) to #StopCISA. Ask activists from Fight for the Future, Access, EFF, and Demand Progress anything about CISA.

I supported FFTF and EFF for a good while, but you basically campaigned me to death. I eventually had to unsubscribe from your emails as I wasn't even reading them any more... Because there were so many. I felt I was being spammed.

This doesn't mean I don't care, but only that I have human limits about things I can focus on and when I'm being bombarded frequently, even by positive information... It's tiring.

How do you intend to balance catching people's attention in the maelstrom that is the information age with overwhelming people in your attempts to do so? Do you feel I am an oddity and you do a good job overall? Do you see a need to improve your methodology?

Edit: I still support your cause, but now only through news articles and Reddit threads I happen to see.

As you can tell, we think it's important to reach out to folks about pressing issues, especially because email is still one of the most powerful ways to reach people, organize, and open up the political process. Ideally, and we're working on this and I know EFF and others are too, we figure out ways people DO want to help out and be informed about what's happening, like with either a mobile app or other notifications, and to get your specific feedback about what you don't want to hear about and what you do want to hear about. As we're trying to win on some of the biggest issues of the day that must be won and fought on, we have to build a system and movement together, so we hope you'll help us do that by giving us ways that you do want to be in touch and pitch in with contacts to decisionmakers.

Have you considered adding email notification settings like how it's done by non-charity sites/services?

E.g. For Steam (an online game store) I can go to their site and in my email settings there I am given a bunch of options (via checkboxes) so I can customize the type and frequency of email notifications I will be sent... such as "when an item on my wishlist is on sale send me a notification email". Facebook also has similar notification settings.

In your case, it certainly sounds like some people clearly want a "only send me emails for impending critical issues/votes" option or something similar.

Or like someone else suggested, maybe a monthly newsletter? That seems more appropriate and less invasive.

A monthly newsletter is good for a roundup but it isn't for taking action when it matters, as so much does change. It's something we'll most likely offer when we get a breather (we're smaller and a little younger but we'll definitely tackle this soon)/ We totally don't want to be reaching people who don't want to hear from us, so yeah we hope that only people who want to hear from us are on the list!

Why an app? This seems totally unnecessary and a waste of time/energy/$. Not everything needs an app.

Some people feel like it's the most seamless (not annoying) way for them to take action, it could be the most efficient way too -- see a notification, look at it, click to take action in one spot. It also means we don't have to depend on so many gatekeepers -- facebook, gmail, commercial email ISP's, etc. That said, we're wary of making something unnecessary and doing this in a lightweight way.

What will it take to make this bill - or any slight variation of it - fuck off for good?

I think we can put an end to CISA for good. We just need to kill it so bad that it becomes toxic and no one in Congress wants to go anywhere near it ever again. That's what happened to SOPA, so we know it's possible. The companies behind this would no doubt continue to try to sneak it through in some other form, but making Congress afraid to touch CISA or similar bills would be a huge step in the right direction.

Why isn't there some kind of rule to prevent failed legislation from being reintroduced so often?

It seems like we need something like that, though it would be quite the sea change. Right now, they keep bringing back failed legislation and in the last 24 hours of this fight, we really can't risk not signing petitions, calling, tweeting and sharing online like here on reddit (which turns out matter a lot) to make sure we kill this bill first. But, that's why we do need to change the way politics is done and not just money in politics, but open up the political process in millions of ways, including by demanding public accountability every step of the way using online and other means, and building a new kind of political movement that is resilient to the Chamber and other big industry doing this kind of thing, and passing possibly something like you suggest.

What companies want CISA to be passed?

Lots of big legacy monopolies like big banks, telecoms, and defense contractors. Most tech companies have come out against it for privacy reasons. We're hearing that Facebook is the lone major tech company that is quietly lobbying for it still.

MapLight has a good list of supporters (the opposition doesn't seem to be up to date): http://maplight.org/us-congress/bill/114-s-754/6636586/total-contributions

Also, it's many of the companies that seem to know the least or are the most reckless about privacy and security -- Chamber of Commerce, banks, Target, Experian. The Chamber themselves are the ones that lobbied to take out real cybersecurity measures like having good security, and helped to create this bill that goes beyond strict cyberthreat data sharing to expansive info-sharing with 7 federal agencies for more than just cybersecurity purposes.

TL;DR?

CISA is a bill about to pass the Senate that gives companies legal immunity for violating privacy laws as long as they share data with the government. We're asking people to help us stop it.

Why would you say this is our one last chance when there have been many bills beforehand? You honestly believe if this gets voted down they won't try again? That's optimistic to the point of stupidity

It's more that CISA will pass on Tuesday if we don't do anything, and it is barrelling forward towards passage. We need to pull off senators who are on the fence to vote against CISA, or this bill becomes law. And, this fight is a bit different now. CISA has come up in the past, but dynamics are shifting against it right now with a bunch of big tech companies now saying it's bad for privacy. We're also just beginning to understand and relay the extent to which CISA is really about ramping up NSA power to bulk scrape Internet communications. The more we study this, the worse it seems and the more people and companies dislike it. See here: https://www.techdirt.com/articles/20151026/10050332638/reading-tea-leaves-to-understand-why-cisa-is-surveillance-bill.shtml

Why do they do this? Do they actually think "maybe this time it will work!"?

It's a well-established strategy that has gotten a lot of bad legislation through in the past. Just keep resurrecting the bad laws, sometimes in slightly different forms with new names, and wear out the opponents.

Yeah, they think they can wear us down. The only way to stop this for people to come out so strong against this that it becomes toxic and Congress never wants to touch it again.

The other side has lots of money to spend but even their game is getting split open more and more. But, as Evan from FFTF said: i think it's definitely true that there will always be an ongoing battle between forces of authoritarianism and those who advocate for freedom, but to paraphrase MLK the arc of moral history bends toward justice.

Who rules on these bills? Is it a senate/house committee or judge? This seems like something you could sue all the way up to the supreme court for unreasonable search type of deal.

CISA specifically exempts itself from FOIA, so it will be impossible to know what's being shared and what personal information is included. That will make it much more difficult to challenge through the courts.

First off, thank you for doing this AMA. It's good to know there are people out there fighting to defend us regular folks.

I do plan on calling my lawmaker and expressing my dissatisfaction with the proposed legislation, but I'm curious to know why these cyber bills keep coming up. I hear of the negatives, but are there any positives to it? (Besides helping the NSA, obviously).

Thanks!

Not really. CISA used to be attached to a larger bill that called on companies operating "crucial infrastructure" to follow basic cybersecurity standards. That seems like a good idea, but the US Chamber of Commerce lobbied hard to get that removed. There is literally nothing in the current form of CISA that would directly improve security on computer networks.

Why can't we get a bill passed into law stating 'the privacy of the people on the internet shall not be infringed upon' or something like that?

How about something like this?:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Is it to the NSA? Or is it to the DHS which will act as an information sharing hub for cybersecurity defense among the private sector?

The information sharing hub would be run by DHS, but the bill calls for all information to be automatically shared with all other departments, including DoD/NSA. There is also an amendment that may pass that would add the FBI to the auto-share list.