[Air-L] Cybersecurity Information Sharing Act (CISA) Opposition Letter -- sign on by Monday @ 9pm eastern WITH LETTER

Dave Levine dave at hearsayculture.com
Mon Oct 26 00:09:39 PDT 2015


List ate my attachment; let's try again.

[apologies for cross-posting]

All, Derek Bambauer and I reproduce below this short one-page academic CISA opposition letter (referencing an April 2015 technologists' opposition letter, found here:  http://cyberlaw.stanford.edu/blog/2015/04/technologists-oppose-cisainformation-sharing-bills). It is very basic and to-the-point, as CISA is scheduled for a Senate vote on Tuesday:
http://www.politico.com/tipsheets/morning-cybersecurity/2015/10/whats-up-next-for-cisa-comey-wades-into-chip-card-debate-cyber-provisions-affected-by-ndaa-veto-210887.

If you'd like to sign, please email your name and affiliation to dsl2 at princeton.edu by MONDAY, OCTOBER 26 @ 9PM EASTERN. Sorry for the very short turn-around time.

Because of the short time, I'm not seeking edits. However, if you have a critical concern or find an error, or have any questions, please let me know.

Thanks much, Best, Dave

-----

Letter:

​​​​​​​October 26, 2015

An open letter to the United States Senate:

​We are professors who research and/or teach about cyberlaw and cybersecurity, and write to express our concerns about S. 754, the Cybersecurity Information Sharing Act (the “Act”).  In April, more than 60 technologists and computer and network security professionals wrote to express their concerns with the Act; we attach a copy of that letter below and echo the concerns raised in that letter.

​While recent amendments to CISA have attempted to address the significant privacy and surveillance concerns raised by the aforementioned technologists and others, the fundamental problem inherent in CISA remains. In sum, it will do little, if anything, to address the very real problem of flawed cybersecurity while creating conditions ripe for abuse.  Among other infirmities, it would: 

• Allow “voluntary” sharing of heretofore private information with the government, allowing secret and ad hoc privacy intrusions in place of meaningful consideration of the privacy concerns of all Americans. The Freedom of Information Act would be neutralized, while a cornucopia of federal agencies could have access to the public’s heretofore private-held information with little fear that such sharing would ever be known to those whose information was shared.
 
• Allow companies to attack cybersecurity threats, without clear limitations on their power or scope.
 
• Allow companies to do any and all of the above with little fear of facing legal consequences for poor judgment (or worse). 

Most significantly, it would do all of the above while doing little to address actual cybersecurity concerns. Rather than encouraging companies to increase their own cybersecurity standards, CISA ignores that goal and offloads responsibility to a generalized public-private secret information sharing network. CISA creates new law in the wrong places. For example, as the attached letter indicates, security threat information sharing is already quite robust. Instead, what are most needed are more robust and meaningful private efforts to prevent intrusions into networks and leaks out of them, and CISA does nothing to move us in that direction. 

​In sum, this is a classic “let’s do something” law.  While we laud Congress for taking notice of the significant cybersecurity threats facing US corporations, we fear that CISA will weaken privacy and encourage governmental surveillance, with little upside for the public. We hope you will review the attached letter and vote against CISA.

​For further information, questions or correspondence, please contact David S. Levine at dsl2 at princeton.edu.
​​​​​
Very truly yours,

​​​​​​Prof. David S. Levine
​​​​​​Princeton Center for Information Technology Policy
​​​​​​Elon University School of Law
​​​​​​Stanford Center for Internet and Society​
 
​​​​​​Prof. Derek Bambauer
​​​​​​University of Arizona College of Law
 
/attachment​​

~~~~~~~~~~~
David S. Levine
+Visiting Research Collaborator
Center for Information Technology Policy
Princeton University
+ Associate Professor and Chair, Faculty Development
Elon University School of Law
+ Affiliate Scholar
Center for Internet and Society
Stanford Law School
201 N. Greene St., Room A206
Greensboro, NC 27401
p: 336-279-9298
e: dlevine3 at elon.edu
radio: http://hearsayculture.com
SSRN: http://papers.ssrn.com/author=620105
Google Scholar: http://scholar.google.com/citations?user=Y9tVrU8AAAAJ&hl=en

Sent from my iPad.  All typos are Apple's fault.


More information about the Air-L mailing list