(Re-posted from Facebook.)
Earlier this year, many of our organizations wrote to state our opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We write today to express our continued
opposition to this bill following its markup by the House Permanent Select Committee on Intelligence (HPSCI). Although some amendments were adopted in markup to improve the bill’s privacy safeguards, these amendments were woefully inadequate to cure the civil liberties threats posed by this bill. In particular, we remain gravely concerned that despite the amendments, this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, including with military agencies.
CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command.
Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs.
These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and a requirement that companies make “reasonable efforts” to remove personal information that is unrelated to the cyber threat when sharing data with the government. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed earlier this year that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so.
We continue to oppose CISPA and encourage you to vote ‘no.’
Privacy is essential to the exercise of free speech, free thought, and free association. The courts have established a First Amendment right to receive information in a publicly funded library. Further, the courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. Many states provide guarantees of privacy in their constitutions and statute law. Numerous decisions in case law have defined and extended rights to privacy
In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.
Protecting user privacy and confidentiality has long been an integral part of the mission of libraries. The ALA has affirmed a right to privacy since 1939. Existing ALA policies affirm that confidentiality is crucial to freedom of inquiry. Rights to privacy and confidentiality also are implicit in the Library Bill of Rights’ guarantee of free access to library resources for all users.”