14 DAY TRIAL // Experts from a number of domains have sent an open letter to the US Congress to publicly state their disapproval of the Cyber Intelligence Sharing and Protection Act (CISPA) and other “bad” cybersecurity laws.
Among those who signed the letter we find security researcher and cryptographer Bruce Schneier, Donald Eastlake, the architect of DNS Security, Jonathan Weinberg, professor of law at Wayne State University, Principal Engineer Peter G. Neumann, and many other academics, engineers, security experts and professionals.
“We have devoted our careers to building security technologies, and to protecting networks, computers, and critical infrastructure against attacks of many stripes,” the letter reads.
“We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties.”
US lawmakers are primarily warned of the risks posed by the newest anti-piracy legislation, CISPA, but the experts agree that other similar bills also unnecessarily trade civil liberties for network security.
“As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties,” they wrote.
The supporters of this initiative believe that an efficient cybersecurity law should not contain vague terms when describing cyber threats and countermeasures.
An interesting point they make refers to bills that offer immunity to companies that violate the privacy of individuals, even if they don’t have enough evidence to show that what they’re doing is illegal. They state that such legislation should be rejected immediately.
Furthermore, they claim that data collected through cybersecurity programs should not be used when prosecuting someone for crimes that are not related.
Finally, laws such as the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act, and others that protect a user’s privacy should be respected by anyone and new bills should not allow any organizations to ignore them.