CISPA: The Cyber-Spying Legislation That Won’t Go Away

The House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) on April 18, almost a year to the day after it also passed CISPA in 2012.

The Senate voted the bill down in 2012. In this year's edition, it simply decided not to vote on the bill at all, reports the LA Times. Senator Jay Rockefeller, D-W.Va, said the bill still does not adequately protect Americans from unchecked government spying. CISPA would allow any government organization or agency to obtain any person’s information that is held by a private online company without first obtaining a warrant.

Although the bill has the support of some major corporations such as Intel and IBM, smaller companies and privacy advocates are concerned that the bill’s vague language will result in Fourth Amendment violations of an individual’s right to privacy. A company's VPS hosting by could also be affected if the legislation is signed into law. The federal government, via the U.S. Patriot Act and the Foreign Intelligence Surveillance Act (FISA) already have the authority to spy on just about anyone they want, as recently witnessed by reporters of the Associated Press. CISPA would simply clarify authority the federal government already has.

Basis for CISPA Legislation

The basic premise behind CISPA is that if there is any indication that there may be a cyber-attack, private companies may share private information with each other and the government and no court-ordered warrant is required. The legislation also allows private companies to search the personal data of their users and report to the government any information the company thinks appears to be threatening. Again, no court-ordered warrant is necessary.

Reasons Proponents Urge the Passage of CISPA

CISPAAccording to Grant Gross from Computer World, supporters of the bill claim that allowing greater sharing of information between companies and the government will result in better detection of potential cyber attacks from other countries as well as from criminals and terrorists.

Supporters argue that other nations and criminal groups initiate cyber attacks to obtain customer financial information. They also interfere with air traffic control, banking institutions and other vital systems. Allowing online companies to share information with each other and the government will help detect cyber threats and prevent the attacks from occurring.

Under current law, any private company that shares private information with other companies or the government without a warrant is subject to a lawsuit for violation of users’ privacy rights. This legislation would remove the threat of lawsuit and allow sharing of information without the threat of litigation.

CISPA And the Fourth Amendment

Forcing any company— including websites like Google and Facebook or cell phone providers— to provide user data to a government agency without a warrant violates the precise language of the Fourth Amendment. Current website privacy policies will no longer be applicable if the legislation becomes law. The Patriot Act weakened the Fourth Amendment and gave the government "unchecked" surveillance powers, according to the ACLU. CISPA would finish what the Patriot Act started.

Although some proponents of CISPA claim only information will be provided to the government that relates to cyber security, the language of the bill is vague. It essentially would allow the government to obtain and use any information however it wants to, including probing or investigating other potential crimes. One more disturbing aspect of the proposed legislation is that CISPA does not require any notice to you that your information has been given to the government.

It's unclear if the House plans on drafting a third version of CISPA for the Senate.