Elon Law Professor David S. Levine was joined by 20 cyberlaw and cybersecurity professors and researchers in calling for the U.S. Senate to reject the Cybersecurity Information Sharing Act ("CISA"). Their Oct. 26 letter points to legal and privacy issues arising from the legislation and the bill's weaknesses in advancing solutions to cybersecurity challenges.
The Oct. 26 letter from 21 cyberlaw and cybersecurity professors opposing CISA is available here.
Endorsing the concerns raised in an April 2015 technologists’ letter, the signatories argue that the fundamental problem with CISA is that it will achieve little to address the real cybersecurity challenges facing U.S. industry.
Moreover, the letter points out three primary CISA downsides, specifically, that it will
- “Allow ‘voluntary’ sharing of heretofore private information with the government, allowing secret and ad hoc privacy intrusions in place of meaningful consideration of the privacy concerns of all Americans. The Freedom of Information Act would be neutralized, while a cornucopia of federal agencies could have access to the public’s heretofore private-held information with little fear that such sharing would ever be known to those whose information was shared.
- “Allow companies to attack cybersecurity threats, without clear limitations on their power or scope.
- “Allow companies to do any and all of the above with little fear of facing legal consequences for poor judgment (or worse).”
Suggesting that the bill is a classic “let’s do something law,” the signatories urged the Senate to reject CISA.
Levine’s coordinated action with other scholars in opposition led to the following news coverage:
“‘At its core, the biggest issue is that there is enough vagueness and lack of clarity in CISA that privacy concerns are very warranted. If we were to engage those concerns, we would want to do so because there are upsides and benefits from CISA,’ David S. Levine, a professor at Elon University School of Law. ‘In the case of this bill, it does little to nothing to actually address the problem of cybersecurity because it is an information sharing bill where information is already being shared.’
“Levine, who is also affiliated with the Princeton Center for Internet and Society and the Stanford Center for Internet and Society, was among a group of professors who penned a letter to the Senate in opposition of the bill.”
“Ahead of the vote a group of university professors specializing in tech law, many from the Princeton Center for Information Technology Policy, sent an open letter to the Senate, urging them not to pass the bill. The bill, they wrote, would fatally undermine the Freedom of Information Act (Foia). Led by Princeton’s David S Levine, the group joined a chorus of critics including many of the largest technology companies, notably Apple, and National Security Agency (NSA) whistleblower Edward Snowden in calling for Cisa to be scrapped.”
“And a group of 21 professors who teach cyberlaw and cybersecurity, led by Prof. David S. Levine of the Elon University School of law, wrote to the Senate at the last minute on Monday, urging a no vote, arguing that it would not do what its supporters claim – improve cybersecurity – and would do what supporters claim it won’t – allow ‘backdoor’ government surveillance. ‘The Freedom of Information Act would be neutralized, while a cornucopia of federal agencies could have access to the public’s heretofore private-held information with little fear that such sharing would ever be known to those whose information was shared,’ the letter said, adding that CISA is, ‘a classic ‘let’s do something’ law.’”
Electronic Frontier Foundation (EFF), Oct. 27.
Questions or comments can be addressed to the letter’s author, David S. Levine at dsl2@princeton.edu. Levine is Associate Professor, Elon University School of Law; Visiting Research Collaborator, Center for Information Technology Policy, Princeton University; Affiliate Scholar, Center for Internet and Society, Stanford Law School.