6 Things You Need to Know About the Government's New Spy Law (CISPA)

Congress is seriously considering a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). Intended to allow information-sharing both between corporations and between corporations and the government, it presents serious dangers to individual privacy. The most important parts of the proposed act permit corporations to share information about their customers with each other and with the government if they assert that this information-sharing is necessary for national security.


While the need for better sharing of information might be necessary in some cases, in its current form CISPA represents a particular danger – a mutually reinforcing combination of public and private threats to privacy. Here are seven things you should know about this pending legislation:

1. CISPA would allow companies to share potentially sensitive customer data with each other in ways that would otherwise be inconsistent with current laws that protect consumer privacy, such as the Electronic Communications Privacy Act (ECPA). As the ACLU notes, “[h]ealth records, gun records, tax records, census data, educational records – essentially all information now protected under privacy laws carefully considered and passed by Congress over the past decades --would no longer have that protection as cybersecurity information if these bills are to become law." CISPA would also allow the government to require companies to share customer data without the warrant or subpoena that would be required under current law. The privacy rights of customers may be violated, in other words, without substantial evidence that they pose any kind of security threat.

2. CISPA would also pre-empt state laws that provide more privacy protection than the federal standard. Citizens in some states would face diminished privacy rights both now and in the future.

3. Companies would be broadly immunized from both criminal and civil liability for sharing personal data under CISPA. This is important, because the threat of lawsuits is crucial to ensuring that companies respect the privacy of their customers. Under CIPSA, conversely, corporations would have little incentive to err on the side of protecting privacy and would not face legal sanctions for even wholly unjustified invasions of privacy.

4. Private companies would not be required to remove indentifying information from data they share with the government. Private information could be shared not only with civilian but with military authorities. Given the deference that courts generally show to invocations of national security interests by entities associated with the military, this makes the risks of privacy invasions even more severe. Any information shared under a new legislative framework should go to a civilian rather than a military agency.

5. The only restriction on the sharing of data is that it be related to “cybersecurity.” The bill makes no serious attempt to specifically define what would qualify, and hence this limitation will do very little to limit privacy violations in practice. As the Electronic Freedom Foundation correctly points out, the bill would apply to “far more than what security experts would reasonably consider to be cybersecurity threat indicators—things like port scans, DDoS traffic, and the like.” Without a more careful definition, the potential for abuse is simply too great.

6. Not only does the language of the bill not provide enough protection before the fact, it also does too little to protect individual privacy after information if first shared with the government. As Sharon Bradford Franklin explains, “CISPA lacks any meaningful limitations on the ways in which the federal government may use personal information and the content of private communications that it receives from private companies.”

Until more meaningful protections are added to protect individuals against this public-private privacy threat, Congress should reject CISPA, and if it unwisely chooses to pass the legislation President Obama should veto it. The concerns the White House expressed yesterday are a good sign, but they need to be steadfast and not rush to sign a bad bill.   

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.

DonateDonate by credit card

Close

Thanks for your support!

Did you enjoy AlterNet this year? Join us! We're offering AlterNet ad-free for 15% off - just $2 per week. From now until March 15th.