The US Public Policy Council of the Association of Computing Machinery (ACM), representing ACM, came out against CISPA, the cybersecurity legislation recently passed by the US House. ACM is the world's largest organization for computer professionals. They are joining a diverse group of individuals and organizations opposing this bill, including a wide array of digital civil liberties organizations like EFF, computer scientists like Bruce Schneier and Tim Berners-Lee, and companies like the Mozilla Foundation.
CISPA is intended to protect America against cyberthreats, but destroys core privacy protections by providing vague definitions and unfettered access to personal communications by companies and government agencies. In one such example, ACM criticized the expansive definition for "cyberthreat information," which could "encompass everything from port scans to destruction of entire networks." We agree, and voiced identical concerns when CISPA was first released.
Vague definitions are accompanied by a vague standard for companies to make "reasonable efforts to limit the impact on privacy." Though the standard is well intended, ACM correctly identifies that the vague standard "fails to invoke any framework, standards, oversight, or controls to be used" for personal information. They also conclude that the bill creates "no meaningful support for collection minimization" and shares information that "could have nothing to do with cybersecurity"—problems that we have consistently highlighted in our commentary on CISPA. These large gaps in privacy protections highlight some of the core shortfalls we have voiced about CISPA.
Digital civil liberties groups, companies, and computer researchers are glad ACM joined the opposition to CISPA. The upcoming bills in the Senate share many similarities to CISPA and must be stopped. This is the reason why we vow to take the fight to the Senate, ask you to sign our petition against the Cyberspying Bills, and tweet your Congressmen.