[TriLUG] [Novalug] Fwd, time sensitive: Technologists sign on letter re CISA bill, info sharing (fwd)

William Sutton via TriLUG trilug at trilug.org
Sun Apr 12 10:01:08 EDT 2015


Saw this come across the NoVALUG list.  The text of the CISA bill is at

https://www.govtrack.us/congress/bills/114/s754/text

Rich (who forwarded this to the NoVALUG list) included some additional 
background links.

William Sutton

---------- Forwarded message ----------
Date: Sun, 12 Apr 2015 07:24:18 -0400
From: Rich Kulawiec via Novalug <novalug at firemountain.net>
Reply-To: Rich Kulawiec <rsk at gsp.org>
To: novalug at firemountain.net
Subject: [Novalug] Fwd,
     time sensitive: Technologists sign on letter re CISA bill, info sharing

This came in via Dave Farber's excellent "IP" mailing list, which *everyone*
in computing should be on.  The attached PDF is the letter that Jennifer's
referring to.  Note that tonight at 8 PM EDT is the deadline if you intend
to sign onto this (I'm going to).

---rsk

----- Forwarded message from Dave Farber <dave at farber.net> -----

> Date: Thu, 9 Apr 2015 14:05:30 -0400
> From: Dave Farber <dave at farber.net>
> To: ip <ip at listbox.com>
> Subject: [IP] Technologists sign on letter re CISA bill, info sharing
>
> ---------- Forwarded message ----------
> From: "Jennifer Granick" <jennifer at granick.com>
> Date: Apr 9, 2015 2:01 PM
> Subject: Technologists sign on letter re CISA bill, info sharing
> To: "Dave Farber" <dave at farber.net>
> Cc:
>
> Dave,
>
> In case you think people on IP may be interested...
>
> Tl;dr: This is a solicitation for security experts and technologists to
> sign a letter to Congress opposing purported info sharing bills that
> actually waive privacy laws and enable more surveillance. Thanks for any
> help you can give.
>
>
>
> Hello,
>
> As you may know, there are three cybersecurity information sharing bills
> pending before Congress right now. These bills would weaken privacy laws
> and enable surveillance at a time when we need stronger privacy
> protections. These are surveillance bills, not security bills.
>
> Every one of the bills is an end run around privacy laws in the name of
> improving security information sharing with the Department of Homeland
> Security (DHS). The bills define "cyber threat indicators" in a confusing
> manner that could include server logs, the contents of emails, damage
> estimates, and more. This kind of private data is not what is generally
> needed to secure systems. Nevertheless, the bills say that private entities
> will be immune from liability for sharing this information  with DHS (and
> other parts of government) "notwithstanding" any privacy laws.
>
> Surveillance reform advocates are trying to stop these bills. There is a
> lot of support in Congress and from the White House. So, to succeed, we
> need your help and we need it now. We expect the bills to come to a vote
> mid-April.
>
> As a security expert, would you be willing to sign a letter helping to
> educate Congress about what kind of information experts actually share to
> further cybersecurity and secure systems from future attack? By helping
> Congress understand what information is useful in security, we can stop a
> bill that would needlessly waive privacy.
>
> Please let me know if you can sign on by no later than 8pm ET Sunday, April
> 12. Email to jennifer at law.stanford.edu your name, title and affiliation.
> We plan to use your titles and affiliations for information purposes only,
> not to indicate that your employer is also signing the letter. For example,
> my signature would be Jennifer Stisa Granick, Director of Civil Liberties,
> Stanford Center for Internet and Society* and the asterick text would say
> "*Titles and affiliations are for information purposes only." If you want
> to sign but don't want to include your title or affiliation, or don't have
> one, please indicate so, and we will respect your wishes.
>
> My plan is to circulate the letter to the sponsors of the bills and to the
> rest of Congress on Monday, April 13.
>
> Please feel free to email me or set up a call with me if you have any
> questions about the bills or the letter.
>
> Once again, I can be reached at jennifer at law.stanford.edu
>
> Finally, please do forward this request to anyone you think might be
> knowledgeable about security information sharing, and interested in sighing
> the letter.
>
> For more information on these laws, you can read here:
>
> Jennifer Granick - The Right Way to Share Information and Improve
> Cybersecurity:
> http://justsecurity.org/21498/share-information-improve-cybersecurity/
>
> OTI VERSION 2.0 OF THE SENATE INTELLIGENCE COMMITTEE'S CYBER INFORMATION
> SHARING ACT IS CYBER-SURVEILLANCE, NOT CYBERSECURITY:
> http://www.newamerica.org/oti/version-20-of-the-senate-intelligence-committees-cyber-information-sharing-act-is-cyber-surveillance-not-cybersecurity/
>
> CDT Analysis of Cybersecurity Information Sharing Act of 2014:
> https://cdt.org/insight/analysis-of-feinstein-chambliss-cybersecurity-information-sharing-act-of-2014/
>
>
>
> Thank you for your time, attention, and assistance in this important matter.
>
>
>
-------------- next part --------------
**********************************************************************
The Novalug mailing list is hosted by firemountain.net.

To unsubscribe or change delivery options:
http://www.firemountain.net/mailman/listinfo/novalug


More information about the TriLUG mailing list