Last week, CISPA (Cyber Intelligence Sharing and Protection Act, H.R. 3523) passed the House. Now, the process moves on to the Senate, where the primary equivalent bill is the Cybersecurity Bill of 2012 or S. 2105. These security bills intend to modernize laws that govern the sharing of "cyber threat information" between private companies and the government, which is a reasonable goal. Cybersecurity is a serious issue, but we do not need to sacrifice privacy and due process to protect our networks. We are against CISPA and any other cybersecurity bills that don't precisely define what information can be shared between private companies and the government, how that information can be used, and adequate safeguards to ensure these protections.
The privacy concerns for internet users are clear and we all share those as individuals, but why should a company like reddit be against such a bill? Even though reddit is exactly the type of business that these bills are supposed to help, we believe that CISPA would actually harm us. Anything that undermines the ability of users to trust that their private information will remain private ultimately affects a company's bottom line.
It's similar to the concept of restaurant health codes. Even though they are limited by health codes, restaurants ought to support them because it helps their customers trust that the food is safe to eat. We want our users to trust that their private data is safe, so it is in our own self-interest to oppose these bills which would remove reasonable liabilities we would have for sharing private data without due process. At reddit, we collect relatively little user information, but we are still stewards of vast amounts of private data, and believe it is critical to our business that there are clear and precise laws protecting this data.
All that being said, these are complex issues and we have a tonne of questions:
Just how bad are these bills? Can they be improved? Can they be stopped? Who is really supporting the bills and why? How do we as a community and how does reddit as a company make sure the Internet remains free and open?
Like many of you, we are not legislative or policy experts, and have been focused on other things, so we all have some catching up to do, and there's only one way to catch up in a short amount of time... it's montage time [cue brass heavy inspirational music].
- Read the bills - [H.R. 3523, S. 2105 also S. 2151], and this comparison chart (pdf).
- Check out r/evolution 's outstanding CISPA Action List & Senate Cybersecurity Bill Guide.
- Get involved in some of the subreddits discussing cyber laws or working to address related issues.
- Join in the discussions with Cyber Security Bill experts on r/IAMA and elsewhere on reddit:
- Jim Dempsey and Mark Stanley from CDT (Center for Democracy and Technology)
- Free Press' policy director Matt Wood
- Journalists from The Verge who have been covering CISPA etc
- Peter Micek, lawyer and Legal Fellow at Access, an international NGO mobilizing for internet freedom
- more to come!
- Watch these videos about CISPA and cybersecurity.
- Help us figure out how the reddit admins can better help the community protect a free and open Internet on an ongoing basis.
- Contact your elected officials and make your voice heard.
Next week we will be aggregating some of the best parts from the various expert IAMAs and other discussions on reddit into a media friendly primer, which will be suitable for sharing with your local news, relatives, book club, coven, etc. Keep it up, reddit. You're the best. Around.