Take Action on CISPA: Criminal Internet Spying on People Act

On April 26th 2012, the US House of representatives voted on HR 3523, the Cyber Intelligence Sharing and Protection Act (CISPA) [1].  The entire Massachusetts congressional delegation voted against CISPA, but it still passed the house by a vote of 248 – 168 [2].  In the coming weeks, CISPA (or similar cybersecurity legislation) will likely come up for a vote in the Senate, so it is imperative that we contact our Senators and ask them to vote against this overreaching surveillance bill.  Here’s why: CISPA would legalize an oppressive degree of domestic surveillance with no accountability or democratic oversight.

(1) CISPA relies on an oppressive degree of surveillance.

CISPA invites private industry to a government-sponsored fishing expedition.  Sections (b)(1)(A)(i) and (b)(1)(B)(i), allow “cyber security providers” and “self-protected entities” to “…use cyber security systems to identify and obtain cyber threat information”.  This means that any business can eavesdrop, collect the contents of your communications, analyze who you’re talking with and what you’re saying, and turn that information over to the government, without a warrant — as long as they claim they are doing it in the spirit of cyber security.   Currently, laws such as the Wiretap Act and the Electronic Communications Privacy Act prevent companies from monitoring your private communications [4].  Would you feel comfortable if the post office opened all of your letters, photocopied them, and shared that information with the government?  Of course not!  But that is exactly what CISPA would do with your electronic communications.

CISPA places no limits on who’s data can be collected, or how long that data can be retained.  We’re not talking about spying on terrorists or foreign countries.  We’re talking about spying on everyone in the United States, and on people around the world who rely on US Internet companies for communication. You don’t need to be guilty, and you don’t need to suspected of a crime.  All you need to do is use the Internet.

In terms of the types of data being collected, some limits are described in the bill (such as library circulation records and tax return records) but the vast majority of online data exchanges are fair game for collecting. And further, since language is included which shields the spying activity from public oversight, it would be virtually impossible to verify if any limits to data collection were actually being respected.

(2) CISPA creates an environment with no accountability or democratic oversight.

The legislation spells out this lack of accountability quite clearly:

  • Section (b)(3)(C) declares shared cyber threat information exempt from the Freedom of Information Act (FOIA). Not only is the government planning on spying on us, they have no plans to let us know about it either.  If an Internet service provider voluntarily turns over “cyber threat information” to the federal government, then the American people have the right to know that this disclosure occurred.
  • Section (b)(3)(D) exempts disclosure under state, local, or tribal laws;
  • section (b)(4) exempts collectors of cyber threat information from criminal liability; and
  • section (d)(1)(A) limits the liability for violations of restrictions on the disclosure, use, and protection of shared information to the amount of $1,000 (which is not sufficient to serve as a deterrent).  So even if you can prove the government or “cyber security providers” have violated the meager restrictions laid out in CISPA, you can only win $1,000.  It’s almost as if the government is saying, “We don’t want you to sue us, so let’s make sure it’s not worthwhile to take us to court”.


CISPA goes beyond dragnet surveillance of Internet communications;  CISPA keeps the American people in the dark about how their information is being collected and used.  Furthermore, CISPA provides little recourse to anyone harmed by the collection and sharing of their personal information.  This is a Big Brother, Big Surveillance bill, and it’s only purpose is to chip away at privacy and personal freedom.  The legislation might as well be called the “You Too Can Be a J. Edgar Hoover Cyber Surveillance Act”.

(3) Conclusion

The U.S. Constitution guaranteed, “The  right of the people to be secure in their persons, houses, papers, and  effects, against unreasonable searches and seizures, shall not be  violated, and no Warrants shall issue, but upon probable cause,  supported by Oath or affirmation, and particularly describing the place  to be searched, and the persons or things to be seized.” The Bush-Cheney administration mounted an ambitious attack on this constitutional protection in their pursuit of the power to spy on the domestic population. The Obama administration’s Justice Department has demonstrated the same interest in surveillance and secrecy.

Access to the private communications of U.S. citizens has been used in the past on numerous occasions by federal law enforcement to intimidate and suppress people engaged in lawful expressions of dissent.  This is particularly distressing for Occupy and other grassroots movements, but legalizing domestic spying on a massive scale, with no oversight of this enormous secret operation by the government should be viewed with alarm and rejected by everyone who uses the Internet.  It’s imperative for Occupy, and the future of secure online activism, that this bill not proceed.  Contacting your senators [3] and insuring they vote ‘no’ is one way to help.

Tell them “Vote ‘No’ on the CISPA domestic spying bill!”

[1] http://thomas.loc.gov/cgi-bin/query/C?c112:./temp/~c112gZKN9e

[2] http://clerk.house.gov/evs/2012/roll192.xml

[3] http://www.senate.gov/general/contact_information/senators_cfm.cfm

[4] https://www.eff.org/deeplinks/2012/04/cybersecurity-bill-faq-disturbing-privacy-dangers-cispa-and-how-you-stop-it