A former executive at BitTorrent, Inc. known for inventing a highly successful credit card fraud detection technology has joined 50 other Internet professionals, educators, engineers, policy makers and entrepreneurs in beseeching Congress to abandon a bill that would merge corporate networks with the National Security Agency (NSA).
That bill, the Cyber Intelligence Sharing and Protection Act (CISPA), and its Senate version, the SECURE IT Act (PDF), would "nullify current legal protections against wiretapping and similar civil liberties violations," the group warned in an open letter published Monday night.
"We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties," they wrote.
The letter's signatories include a Wired magazine columnist, a board member at the Electronic Frontier Foundation, the creator of DNS Security, a former economic assistant to President Barack Obama, and John Pettitt, the former vice president of engineering at BitTorrent, Inc. who invented a widely used system that roots out online credit card fraud.
"Any time you've got a bill that has extensive powers and very vaguely worded definitions, that gives immunity to people for things that used to be illegal, you've got to look at how this bill could be used negatively," Pettitt explained to Raw Story. "You've got to look at the history, and the history here is clear. The Patriot Act, for instance. If you give people broad powers, they'll use them for things they were never intended for."
Their letter cautions that Congress should not approve any legislation that "uses vague language" to describe IT threats and countermeasures, exempts "cybersecurity" efforts to relevant laws, provides immunity to private companies if they violate customers' privacy or allows data to be collected in such a way that people who aren't cyber criminals are swept up for other crimes.
That last item is of particular concern with CISPA because it defines "cyber threat intelligence" to include "theft or misappropriation of private or government information, intellectual property, or personally identifiable information." That means corporations and the U.S. government would be able to spy on journalists and whistleblowers, or people who simply download copyrighted materials, with zero judicial oversight.
"Clearly, when you add intellectual property into a list of cyber threats, it immediately evokes specters of [the Stop Online Piracy Act] and all the other bizarre attempts to make copying bits into a criminal offense," Pettitt added. "That's not something you want to mix. National security and, 'Did someone download a movie?' are not the same thing."
"By encouraging the transfer of users' private communications to US Federal agencies, and lacking good public accountability or transparency, these 'cybersecurity' bills unnecessarily trade our civil liberties for the promise of improved network security," the letter explains. "As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties."
CISPA, drafted by Rep. Mike Rogers (R-MI) last fall and backed by some of the largest firms in tech -- including Google and Facebook -- is expected to come up for a vote in the House of Representatives sometime this week. Although Rogers has said he's confident it will pass, the Obama Administration has warned that the president might not sign it if the bill does not attempt to safeguard user privacy.
Photo: Shutterstock.com, all rights reserved.
Updated with quotes.