What Would CISPA Mean For You?

Print Friendly, PDF & Email

CISPA may have cleared the U.S. House of Representatives, but the fight isn’t over. It’s shifted to the U.S. Senate. Here’s CNET’s FAQ on what you need to know about this particularly controversial Internet bill.

By Declan McCullagh

April 27, 2012 “CNET” — It took a debate that stretched to nearly seven hours, and votes on over a dozen amendments, but the U.S. House of Representatives finally approved the Cyber Intelligence Sharing and Protection Act on April 26.

Passions flared on both sides before the final vote on CISPA, which cleared the House by a comfortable margin of 248 to 168.

CISPA would “waive every single privacy law ever enacted in the name of cybersecurity,” Rep. Jared Polis, a Colorado Democrat and onetime Web entrepreneur, said during the debate. “Allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on.”

Rep. Mike Rogers (R-Mich.), the chairman of the House Intelligence Committee and author of CISPA, responded by telling his colleagues to ignore “all the things they’re saying about the bill that are not true.” He pleaded: “Stand for America! Support this bill!”

While CISPA initially wasn’t an especially partisan bill — it cleared the House Intelligence Committee by a vote of 17 to 1 last December — it gradually moved in that direction. The final tally was 206 Republicans voting for it, and 28 opposed. Of the Democrats, 42 voted for CISPA and 140 were opposed. House Minority Leader Nancy Pelosi said afterward on Twitter that CISPA “didn’t strike the right balance” and Republicans “didn’t allow amendments to strengthen privacy protections.”

The ACLU, on the other hand, told CNET that the amendments — even if they had been allowed — would not have been effective. “They just put the veneer of privacy protections on the bill, and will garner more support for the bill even without making substantial changes,” said Michelle Richardson, legislative counsel for the ACLU.

Keep reading for some more details from CNET’s FAQ about what you need to know about CISPA.

Q: What happens next?

CISPA heads to the the Senate, where related cybersecurity legislation has been stalled for years. Senate Majority Leader Harry Reid, however, has said he’d like to move forward with cybersecurity legislation in May. Its outlook is uncertain.

Senate Democrats may be less likely than House Republicans to advance CISPA after the White House’s veto threat on April 25. The administration said CISPA “effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres.”

CISPA’s opponents are already rallying Americans to contact their senators to oppose CISPA. Demand Progress has created a petition. The Electronic Frontier Foundation says it “vows to continue the fight in the Senate.”

Q: What does CISPA do? Let the National Security Agency spy on Americans?

CISPA wouldn’t formally grant the NSA or Homeland Security any additional surveillance authority. (A proposed amendment that would have done so was withdrawn on April 26.)

But it would usher in a new era of information sharing between companies and government agencies — with limited oversight and privacy safeguards. The House Rules committee on April 25 rejected a series of modestly pro-privacy amendments, which led a coalition of civil-liberties groups to complain that “amendments that are imperative won’t even be considered” in a letter the following day.

Q: Who opposes CISPA?

Advocacy groups, including the American Library Association, the Electronic Frontier Foundation, the ACLU, and the libertarian-leaning TechFreedom, launched a “Stop Cyber Spying” campaign in mid-April — complete with a write-your-congresscritter-via-Twitter app — and the bill has drawn the ire of Anonymous.

A letter (PDF) from two dozen organizations, including the Republican Liberty Caucus, urges a “no” vote on CISPA, and over 750,000 people have signed an anti-CISPA Web petition. Free-market and libertarian groups have opposed it. The Center for Democracy and Technology flip-flopped twice on CISPA as the result of a short-lived deal with the bill’s authors not to criticize it.

Rep. Ron Paul, the Texas Republican and presidential candidate, warned on April 23 that CISPA represents the “latest assault on Internet freedom” and was “Big Brother writ large.” And 18 Democratic House members signed a letter (PDF) the same day warning that CISPA “does not include necessary safeguards” and that critics have raised “real and serious privacy concerns.”

Q: Why is CISPA so controversial?

What sparked significant privacy worries is the section of CISPA that says “notwithstanding any other provision of law,” companies may share information “with any other entity, including the federal government.” It doesn’t, however, require them to do so.

By including the word “notwithstanding,” House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) intended to make CISPA trump all existing federal and state civil and criminal laws. (It’s so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may “have unforeseen consequences for both existing and future laws.”)

“Notwithstanding” would trump wiretap laws, Web companies’ privacy policies, gun laws, educational record laws, census data, medical records, and other statutes that protect information, warns the ACLU’s Richardson: “For cybersecurity purposes, all of those entities can turn over that information to the federal government.”

If CISPA were enacted, “part of the problem is we don’t know exactly what’s going to happen,” says Lee Tien, an attorney at the Electronic Frontier Foundation, which sued AT&T over the Bush administration’s warrantless wiretapping program. “I worry that you can get a version of cybersecurity warrantless wiretapping out of this.”

CISPA’s authorization for information sharing extends far beyond Web companies and social networks. It would also apply to Internet service providers, including ones that already have an intimate relationship with Washington officialdom. Large companies including AT&T and Verizon handed billions of customer records to the NSA; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008.

Q: Are there other examples of this public-private cooperation for eavesdropping?

Unfortunately, yes.

Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies including Western Union secretly turning over copies of all messages sent to or from the United States. “All of the big international carriers were involved, but none of ’em ever got a nickel for what they did,” Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA’s inspector general.

The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA’s headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.

President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock’s electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized an intercept program. Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda and the Rev. Martin Luther King Jr.

This apparently has continued. In his 2006 book titled “State of War,” New York Times reporter James Risen wrote: “The NSA has extremely close relationships with both the telecommunications and computer industries, according to several government officials. Only a very few top executives in each corporation are aware of such relationships.”

In a recent Wired article, author James Bamford described how the NSA is currently building the nation’s biggest spy center, a $2 billion facility in the Utah desert. Bamford quoted William Binney, a former NSA official, as saying the NSA’s backdoor into the U.S. telecommunications network goes far beyond AT&T’s facility on Second Street in San Francisco. “I think there’s 10 to 20 of them,” Binney said. “That’s not just San Francisco; they have them in the middle of the country and also on the East Coast.”

Q: Would CISPA allow companies to violate their terms of service by turning over information to the Feds without a search warrant?

Yes. Though to be clear: if you trust your Internet provider, e-mail provider, and so on, to protect your privacy, CISPA should not be a worrisome bill. The U.S. government can’t force companies to open their databases and networks; federal agencies can only request it. But as the warrantless wiretapping debate shows, the private sector may acquiesce.

One reason CISPA would be useful for government eavesdroppers is that, under existing federal law, any person or company who helps someone “intercept any wire, oral, or electronic communication”–unless specifically authorized by law–could face criminal charges. CISPA would trump all other laws.

Q: What’s the argument for enacting it?

A position paper on CISPA from Reps. Rogers and Ruppersberger says their bill is necessary to deal with threats from China and Russia and that it “protects privacy by prohibiting the government from requiring private sector entities to provide information.” In addition, they stress that “no new authorities are granted to the Department of Defense or the intelligence community to direct private or public sector cybersecurity efforts.”

During the April 26 floor debate, Rogers said:

In just the last few years, nation states like China have stolen enough intellectual property from just defense contractors, that would be equivalent to 50 times the print collection of the US Library of Congress. We have nation states who are literally stealing jobs and our future. We also have countries that are engaged in activities and have capabilities that have the ability to break networks, computer networks. Which means you can’t just reboot. It means your system is literally broken. Those kinds of disruptions can be catastrophic when you think about the financial sector, or the energy sector, or our command and control elements for all our national security apparatus.

You know, without our ideas, without our innovation that countries like China are stealing every single day; we will cease to be a great nation. They are slowly and silently and quickly stealing the value and prosperity of America. One credit card company said that they get attacked for your personal information 300,000 times a day, one company.

Q: What industry groups support CISPA?

One of the biggest differences between CISPA and its Stop Online Piracy Act predecessor is that the Web blocking bill was defeated by a broad alliance of Internet companies and millions of peeved users. Not CISPA: the House Intelligence committee proudly lists letters of support from Facebook, Microsoft, Oracle, Symantec, Verizon, AT&T, Intel, and trade association CTIA, which counts representatives of T-Mobile, Sybase, Nokia, and Qualcomm as board members.

In February, Facebook VP Joel Kaplan wrote (PDF) an enthusiastic letter to Rogers and Ruppersberger to “commend” them on CISPA, which he said “removes burdensome rules that currently can inhibit protection of the cyber ecosystem.”

By mid-April, however, Facebook had been forced on the defensive, with Kaplan now assuring users that his employer has “no intention” of sharing users’ personal data with the Feds and that section is “unrelated to the things we liked” about CISPA in the first place. (A Demand Progress campaign says: “Internet users were able to push GoDaddy to withdraw its support of SOPA. Now it’s time to make sure Facebook knows we’re furious.”)

Q: Was CISPA rushed through the House?

Not really. It was introduced in late November 2011 and approved by the House Intelligence Committee a few weeks later. So the public had approximately five months to review the bill before the April 26 House floor vote.

On the other hand, CIPSA did move relatively swiftly through the legislative process, and the House Republican leadership moved up the floor vote by one day at the last moment.

During a town hall that CNET hosted on April 19 in San Francisco, a House Intelligence aide argued that it was a deliberative process. CISPA opponents say the measure is being “rushed through,” said senior counsel Jamil Jaffer. “I can’t disagree with that more.”

Q: Is CISPA worse than SOPA?

For all its flaws, SOPA targeted primarily overseas Web sites, not domestic ones. It would have allowed the U.S. attorney general to seek a court order against the targeted offshore Web site that would, in turn, be served on Internet providers in an effort to make the target virtually disappear.

It was kind of an Internet death penalty targeting Web sites like ThePirateBay.org, not sites like YouTube.com, which are already subject to U.S. law.

CISPA, by contrast, would allow Americans’ personal information to be vacuumed up by government agencies for cybersecurity and law enforcement purposes, as long as Internet and telecommunications companies agreed. In that respect, at least, its impact is broader.

Declan McCullagh is the chief political correspondent for CNET. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People’s Money column for CBS News’ Web site.


  1. CISPA Legislation, Will Escalate Government Asset Forfeiture

    CISPA the Cyber Intelligence Sharing and Protection Act if signed into law will allow——the military and NSA warrant-less spying on Americans’ confidential electronic Communications; any transmitted private information circumventing the fourth amendment. CISPA will allow any self-protected cyber entity to share with the Feds any person’s private information that might allegedly relate to a cyber threat or crime. Considering the U.S. Government’s current business relationship with telephone and Internet companies, it should be expected the feds would use CISPA to gain unprecedented access to lawful Americans’ private electronic communications. Almost every week news media reports corrupt police arrested for selling drugs, taking bribes and perjury. It is foreseeable that broad provisions in CISPA that call for private businesses’ cyber entities to share among themselves and with Spy Agencies confidential information will open the door for corrupt government, police and entity employees to sell a corporations’ confidential information to its competitors, foreign government and others. CISPA provides insufficient safeguards to control disposition of (shared) confidential corporate and client entity information, including confidential information shared by spy agencies with private and government entities derived from spying on Americans.

    Ironically Government can use CISPA to (covertly certify employees) of a Government approved certified cyber self-protected entity—to spy on their certified employer; and clients with full immunity from lawsuits if done in good faith. U.S. Government is not prohibited from paying a Government Certified self protected cyber entity or their employee “Asset Forfeiture commissions” that result from providing Government a corporation’s confidential and private client information—that otherwise would require a warrant.

    The recent House Passed Cyber Security Bill overrides the Fourth Amendment. Government may use against Americans in Criminal, Civil and Administrative courts (any information) derived from CISPA warrant-less Internet spying.

    CISPA will open the door for U.S. Government spy agencies such as NSA; the FBI; government asset forfeiture contractors, any private entity (to take out of context) any innocent—hastily written email, fax or phone call to allege a crime or violation was committed to cause a person’s arrest, assess fines and or civilly forfeit a business or property. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay.

    CISPA (warrant-less electronic surveillance) will enable the U.S. Justice Department to bypass the Fourth Amendment, use information extracted from CISPA electronic surveillance) of Americans’ Web Server Records, Internet Activity, transmitted emails, faxes, and phone calls to issue subpoenas in hopes of finding evidence or to prosecute Citizens for any alleged crime or violation. If the current CISPA is signed into law it is problematic federal, state and local law enforcement agencies and private government contractors will want access to prior Bush II NSA and other government illegally obtained electronic records to secure evidence to arrest Americans; civilly forfeit their homes, businesses and other assets under Title 18USC and other laws. Of obvious concern, what happens to fair justice in America if police become dependent on “Asset Forfeiture” to help pay their salaries and budget operating costs?

    Note: the passed “Civil Asset Forfeiture Reform Act of 2000” (effectively eliminated) the “five year statue of limitations” for Government Civil Asset Forfeiture of property: the statute now runs five years (from the date) police allege they “learned” an asset became subject to forfeiture. If CISPA takes affect, allows (no warrant) electronic government surveillance of Americans, it is expected CISPA will be used by government not only to thwart cyber threats, but to aggressively prosecute Americans and businesses for any alleged crime: U.S. Government spy and police agencies; quasi government contractors for profit, will relentlessly sift through Citizen and businesses’ (government retained Internet data), emails and phone communications) to discover possible crimes or civil violations.

    A corrupt U.S. Government Administration too easily use CISPA no-warrant-seized emails, faxes, Internet data and phone call information) to target, blackmail and extort its political opposition; target any Citizen, corporation and others in the manner Hitler used his Nazi passed legislation that permitted no-warrant Nazi police searches and seizure of Citizens and businesses or to extort support for the Nazi fascist government. Hitler Nazi Laws made it possible for the Nazis to strong-arm German parliament to pass Hitler’s 1933 Discriminatory Decrees that suspended the Constitutional Freedoms of German Citizens. History shows how that turned out.

    CISPA warrant-less electronic surveillance) has the potential of turning America into a Fascist Police State.

  2. The temptation to control all communications between citizens has long been a prize that all power-hungry “do-gooders” have salivated over. One must know that almost all, or too many, of our attempts to communicate are subject to outside observation.
    I am not in favor of “getting used to it.” If one does not react against such attempts to monitor and control freedom of speech, one does not deserve freedom at all.
    The current perpetrators of public surveillance will claim that their intentions are good, that they are looking out for the nation’s interests. Such a claim is and will always be false, since the USA does have a tradition embedded in the US Constitution that rejects that very notion.
    If the police need/want to check on somebody, they submit a request to a judge, along with enough evidence to justify the request. This system can still be subverted, but at least following it leaves a paper trail. It must be maintained.

  3. You state that Nixon turned on project Shamrock and one of the names added to the list was Martin Luther King. King was killed 10 months before Nixon was sworn into office. Small detail, but that kind of sloppiness makes me want to question other areas of the story.

  4. Why would a member of Congress even propose something like CISPA? Who comes up with these ideas and why do they think it’s necessary?

  5. In case you still think the government doesn’t snoop without a reason, there’s a case going to trial soon about the US Border Patrol doing unwarranted highway stops out in Forks, Washington (yes, the “Twilight” town), about 100 miles from the nearest border crossing. Since 2007, local residents get stopped frequently FOR NO REASON except to ask for their proof of citizenship. Native-born U.S. Citizen Hispanics get stopped most often of course. More flagrant than the Arizona law by far which is at least predicated on a prior stop for some traffic offense. The biggest law firm in Seattle is representing three petitioners suing the govt. Informants say the Border Patrol office in Port Angeles is overbudgeted and overstaffed, so the agents just drive around aimlessly doing random stops, for something to do. Your tax dollars at work! Source: dwestneat@seattletimes.com

    • This is the rotten fruit born of our acceptance of “sobriety checkpoints” – that set the precedent – and intelligent cynics (are there any other kind?) knew where it was going to lead.

      Well, we’re there.

  6. This seems like a good place to put this…

    There is a lawsuit in Colorado regarding the unconstitutionality of using a barcode on each ballot as a unique identifier. More info is at:


    It seems that 46 out of the 64 counties in Colorado use Hart Systems voter tabulation machinery and software which allows officials in Colorado to link your vote to you.

    And btw, Eric….There are other states that use Hart Systems…

    Virginia is one of them…

    I’m not trying to raise the level of paranoia to DEFCON levels here but I am concerned. If this is accurate then the concept of a secret ballot has been “thrown in the woods”.

    Maybe the best course of action is to check the veracity of this information as regards your own locale. YMMV

    (Doffs tin-foil chapeau)

    I’m going to do a little more digging before I determine my own response.

    But if this is accurate…?


Please enter your comment!
Please enter your name here