CISPA is back: worst Internet law since SOPA needs you to fight it!

CISPA is a sweeping, privacy-annihilating Internet law that we killed last year. The Congressmen who introduced it haven't learned their lesson and they've reintroduced it. The price of freedom is eternal vigilance, right? We killed CISPA once before. We will kill CISPA again. It only works if you take part.

Last year, Representatives Rogers and Ruppersberger introduced CISPA, which would create a gaping new exemption to existing privacy law. CISPA would grant companies more power to obtain “threat” information (such as from private communications of users) and to disclose that data to the government without a warrant -- including sending data to the National Security Agency.

This week, CISPA was reintroduced in the House of Representatives. EFF is joining groups like ACLU and Fight for the Future in combating this legislation.

Last year, tens of thousands of concerned individuals used the EFF action center to speak out against overbroad and ineffective cybersecurity proposals. Together, we substantially changed the debate around cybersecurity in the U.S., moving forward a range of privacy-protective amendments and ultimately helping to defeat the Senate bill.

Now we need your help again. Can you send a message to your Representatives asking them to oppose this bill?

CISPA is Back.

(Image: eye of providence, a Creative Commons Attribution Share-Alike (2.0) image from emperley3's photostream)


  1. There’s nothing to stop this being re-proposed indefinitely.  Continuing to defend against it is good and necessary, but what about trying for a Constitutional amendment guaranteeing some form of privacy?  I’m fairly ignorant on whether there are any current motions in this direction (and of course highly pessimistic as to whether it would be possible) – have people tried this?

    1. Re:
      but what about trying for a Constitutional amendment guaranteeing some form of privacy?

      We have one; it’s called THE BILL OF RIGHTS!
      (“Congress shall make no laws abridging these rights . . . . .”)

      1. Right to privacy is never written in the constitution. It was interpreted as IMPLIED by one of the earlier Supreme Courts (might’ve been Warren, but I can’t swear to that), but it has never been explicitly law. The Bill of Rights does not protect your right to privacy unless the supreme court decides it does.

        1. The Bill of Rights does not protect your right to privacy unless the supreme court decides it does.

          That, unfortunately, could be said of everything in the entire constitution.They have the ultimate authority in interpreting everything.

          1. A possibly informative page arguing that the 10th Amendment supports a right to privacy.

            However, it does leave it rather implicit at best.

          2. Re: it’s a nutjob blog:  Ah.  That seems to be true.  Sorry, I didn’t practice adequate due diligence.

          3. So what about our 4th amendment right, which is in the bill of rights? The 4th amendment says “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” I find it odd, they took an oath or affirmation that they would protect and defend the United States constitution but they try passing this that violates the 4th amendment.

      2.  Dude, you can go bury your head in the sand with “it’s protected in the Bill of Rights” or you can get real and go look at existing case law and stuff.
        That “it’s in the Bill of Rights” argument isn’t gonna look so good when cops are giving you the once over because they’ve got an inkling you’re up to no good.

        It’s like: in order for the words written there to actually *mean* anything, you’ve got to exercise said rights frequently.  Or else, much like un-excercised muscle tissue, they will atrophy.

        Go tell your congress critter about how you don’t like how this bill impacts your rights. 

  2. I’m a little hazy on one point of this, so maybe more legal-minded posters can help me out:  CISPA would allow companies to disclose my “private info” to the government.  I always assumed that if, say, Facebook wanted to send something I posted (or messaged) to the authorities, they could do so, much in the same way a psychologist is required to report a patient if they make a credible threat to harm someone else, regardless of whether or not that threat was communicated in a privileged setting.  If anything, I would have guessed Facebook would have even more leniency to rat me out if they so desired.  Is that not true?  What currently protects us from that?

    1. What about gmail? Shouldn’t your online correspondence receive similar protection as your snail mail?

      More to your question though, most of this is in a kind of legal grey area. There is nothing allowing or preventing this sharing between companies and the government. It is really up to each company to decide how much they want to cooperate. CISPA would force them to cooperate without any judicial oversight.

      1. Can you imagine the uproar if the USPS started to scan and digitize copies of everyone’s snail mail including the contents and who sent what to who and when. It would hold that data for at least a year or so. Oh and it would also allow the FBI and NSA to search this database and request records whenever they felt like it.

      2. OK, I think I follow.  I know that e-mail already receives weaker protection than snail mail (the whole “it’s abandoned after 180 days and no longer requires a warrant” from the Electronic Communications Act), but I didn’t realize that would be further weakened by CISPA.

    2.  AFAIK, nothing currently protects from that.  From back when I read it, the law just carves out a huge hole that says, “when it comes to online stuff, totally ignore any existing laws regarding privacy.  At any time, we can ask any company for any amount of information they might have on any number of people, and that company *will* comply and give us the goods.  Period.”

      It’s basically a carte blanche license to spy on whomever whenever, provided that, that spying is happening online.

      Furry cows moo and decompress.

  3. There’s very poor messaging from the anti-CISPA side here.  “CISPA is bad because companies will tell the NSA if your online behavior looks threatening to the government.”  I’m sorry, but that’s not going to sound like a bad thing to many people.  What is really at stake here?  (Not to mention that if you’ve been paying any attention for the last 10 years it seems pretty clear that the government is *already* scanning all US internet traffic.)

    What is our counter proposal?

    And I like the idea of going on the offensive.  Let’s put all of our energy into creating legal and/or constitutional guarantees for the things we value instead of just fighting to stop this stuff over and over.


      CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s ‘information sharing’ regime allows the transfer of vast amounts of data, including sensitive information like internet use history or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for any nonregulatory purpose so long as one significant purpose is for cybersecurity or to protect national security. These are not meaningful use restrictions: “national security” use is one of the problems, and the White House recognized this immense problem by precluding such use in its own cybersecurity proposal. While the bill requires the Director of National Intelligence Inspector General to issue annual reports on the government’s use of information shared with it under the bill, such reports would only be provided to congressional intelligence committees, and IG reports are no substitute for meaningful use restrictions and they will do nothing to dissuade companies from misusing personal information shared under this broad new program.

    2.  Well how about this:
      What possible good can come from CISPA?  Was there some (recent) “cyber” terror threat that needs to be fought?  Why aren’t the current laws good enough?
      I say the “pro”-CISPA side hasn’t made anything even remotely like a good case yet.  They’re just hoping no one will yell or complain.
      Let’s yell and complain.

  4. Again the easy answer, remind Congress that their data goes first and the people get first crack at it.


  6. How can politicians keep reintroducing stuff that was defeated? There has to be a point that once defeated a proposition cannot be brought back for at least say 10 years, otherwise we keep refighting the same battles!

  7. I keep reading that they are trying to stop terror threats, but it’s like fishing in an ocean, you don’t go out and but the net over the whole ocean and take everything out of the ocean; same with anti-terror efforts by the government: They don’t need to spy on everyone and see all our internet communications, they only need to go after terrorists and stop terrorism.

  8. How often must we fight this?  They will continue to relentlessly pursue this, just as backward states like Mississippi continues it’s relentless pursuit of prayers and creationism in public schools.    It’s endless.

  9. Some nutjob once said a government should be terrified of its people.  Well, congratulations.  Our government is obviously terrified of us.  This law can be nothing more than a desperate cry for help from a government so afraid of its constituencies it no longer differentiates between friend and foe.

Comments are closed.