How CISPA would affect you (faq)
April 27, 2012 "CNET" -- It took a debate that stretched to nearly seven hours, and votes on over a dozen amendments, but the U.S. House of Representatives finally approved the Cyber Intelligence Sharing and Protection Act on April 26.
Passions flared on both sides before the final vote on CISPA, which cleared the House by a comfortable margin of 248 to 168.
CISPA would "waive every single privacy law ever enacted in the name of cybersecurity," Rep. Jared Polis, a Colorado Democrat and onetime Web entrepreneur, said during the debate. "Allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on."
Rep. Mike Rogers (R-Mich.), the chairman of the House Intelligence Committee and author of CISPA, responded by telling his colleagues to ignore "all the things they're saying about the bill that are not true." He pleaded: "Stand for America! Support this bill!"
While CISPA initially wasn't an especially partisan bill -- it cleared the House Intelligence Committee by a vote of 17 to 1 last December -- it gradually moved in that direction. The final tally was 206 Republicans voting for it, and 28 opposed. Of the Democrats, 42 voted for CISPA and 140 were opposed. House Minority Leader Nancy Pelosi said afterward on Twitter that CISPA "didn't strike the right balance" and Republicans "didn't allow amendments to strengthen privacy protections."
The ACLU, on the other hand, told CNET that the amendments -- even if they had been allowed -- would not have been effective. "They just put the veneer of privacy protections on the bill, and will garner more support for the bill even without making substantial changes," said Michelle Richardson, legislative counsel for the ACLU.
Keep reading for some more details from CNET's FAQ about what you need to know about CISPA.
Q: What happens next?
Senate Democrats may be less likely than House Republicans to advance CISPA after the White House's veto threat on April 25. The administration said CISPA "effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."
CISPA's opponents are already rallying Americans to contact their senators to oppose CISPA. Demand Progress has created a petition. The Electronic Frontier Foundation says it "vows to continue the fight in the Senate."
Q: What does CISPA do? Let the National Security Agency spy on
But it would usher in a new era of information sharing between companies and government agencies -- with limited oversight and privacy safeguards. The House Rules committee on April 25 rejected a series of modestly pro-privacy amendments, which led a coalition of civil-liberties groups to complain that "amendments that are imperative won't even be considered" in a letter the following day.
Q: Who opposes CISPA?
A letter (PDF) from two dozen organizations, including the Republican Liberty Caucus, urges a "no" vote on CISPA, and over 750,000 people have signed an anti-CISPA Web petition. Free-market and libertarian groups have opposed it. The Center for Democracy and Technology flip-flopped twice on CISPA as the result of a short-lived deal with the bill's authors not to criticize it.
Rep. Ron Paul, the Texas Republican and presidential candidate, warned on April 23 that CISPA represents the "latest assault on Internet freedom" and was "Big Brother writ large." And 18 Democratic House members signed a letter (PDF) the same day warning that CISPA "does not include necessary safeguards" and that critics have raised "real and serious privacy concerns."
Q: Why is CISPA so controversial?
By including the word "notwithstanding," House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) intended to make CISPA trump all existing federal and state civil and criminal laws. (It's so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may "have unforeseen consequences for both existing and future laws.")
"Notwithstanding" would trump wiretap laws, Web companies' privacy policies, gun laws, educational record laws, census data, medical records, and other statutes that protect information, warns the ACLU's Richardson: "For cybersecurity purposes, all of those entities can turn over that information to the federal government."
If CISPA were enacted, "part of the problem is we don't know exactly what's going to happen," says Lee Tien, an attorney at the Electronic Frontier Foundation, which sued AT&T over the Bush administration's warrantless wiretapping program. "I worry that you can get a version of cybersecurity warrantless wiretapping out of this."
CISPA's authorization for information sharing extends far beyond Web companies and social networks. It would also apply to Internet service providers, including ones that already have an intimate relationship with Washington officialdom. Large companies including AT&T and Verizon handed billions of customer records to the NSA; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008.
Q: Are there other examples of this public-private cooperation
Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies including Western Union secretly turning over copies of all messages sent to or from the United States. "All of the big international carriers were involved, but none of 'em ever got a nickel for what they did," Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA's inspector general.
The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA's headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.
President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock's electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized an intercept program. Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda and the Rev. Martin Luther King Jr.
This apparently has continued. In his 2006 book titled "State of War," New York Times reporter James Risen wrote: "The NSA has extremely close relationships with both the telecommunications and computer industries, according to several government officials. Only a very few top executives in each corporation are aware of such relationships."
In a recent Wired article, author James Bamford described how the NSA is currently building the nation's biggest spy center, a $2 billion facility in the Utah desert. Bamford quoted William Binney, a former NSA official, as saying the NSA's backdoor into the U.S. telecommunications network goes far beyond AT&T's facility on Second Street in San Francisco. "I think there's 10 to 20 of them," Binney said. "That's not just San Francisco; they have them in the middle of the country and also on the East Coast."
Q: Would CISPA allow companies to violate their terms of service
by turning over information to the Feds without a search
One reason CISPA would be useful for government eavesdroppers is that, under existing federal law, any person or company who helps someone "intercept any wire, oral, or electronic communication"--unless specifically authorized by law--could face criminal charges. CISPA would trump all other laws.
Q: What's the argument for enacting it?
During the April 26 floor debate, Rogers said:
Q: What industry groups support CISPA?
In February, Facebook VP Joel Kaplan wrote (PDF) an enthusiastic letter to Rogers and Ruppersberger to "commend" them on CISPA, which he said "removes burdensome rules that currently can inhibit protection of the cyber ecosystem."
By mid-April, however, Facebook had been forced on the defensive, with Kaplan now assuring users that his employer has "no intention" of sharing users' personal data with the Feds and that section is "unrelated to the things we liked" about CISPA in the first place. (A Demand Progress campaign says: "Internet users were able to push GoDaddy to withdraw its support of SOPA. Now it's time to make sure Facebook knows we're furious.")
Q: Was CISPA rushed through the House?
On the other hand, CIPSA did move relatively swiftly through the legislative process, and the House Republican leadership moved up the floor vote by one day at the last moment.
During a town hall that CNET hosted on April 19 in San Francisco, a House Intelligence aide argued that it was a deliberative process. CISPA opponents say the measure is being "rushed through," said senior counsel Jamil Jaffer. "I can't disagree with that more."
Q: Is CISPA worse than SOPA?
It was kind of an Internet death penalty targeting Web sites like ThePirateBay.org, not sites like YouTube.com, which are already subject to U.S. law.
CISPA, by contrast, would allow Americans' personal information to be vacuumed up by government agencies for cybersecurity and law enforcement purposes, as long as Internet and telecommunications companies agreed. In that respect, at least, its impact is broader.
Declan McCullagh is the chief political correspondent for CNET. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.