A controversial data-sharing bill being debated today in the U.S. House of Representatives authorizes federal agencies to conduct warrantless searches of information they obtain from e-mail and Internet providers.
Rep. Alan Grayson, a Florida Democrat, proposed a one-sentence amendment (PDF) that would have required the National Security Agency, the FBI, Homeland Security, and other agencies to secure a "warrant obtained in accordance with the Fourth Amendment" before searching a database for evidence of criminal wrongdoing.
Grayson complained this morning on Twitter that House Republicans "wouldn't even allow debate on requiring a warrant before a search."
CISPA is controversial because it overrules all existing federal and state laws by saying "notwithstanding any other provision of law," including privacy policies and wiretap laws, companies may share cybersecurity-related information "with any other entity, including the federal government." It would not, however, require them to do so.
That language has alarmed dozens of advocacy groups, including the American Library Association, the American Civil Liberties Union, the Electronic Frontier Foundation, and Reporters Without Borders, which sent a letter (PDF) to Congress last month opposing CISPA. It says: "CISPA's information-sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records or the content of e-mails, to any agency in the government." President Obama this week threatened to veto CISPA.
CISPA's advocates say it's needed to encourage companies to share more information with the federal government, and to a lesser extent among themselves, especially in the wake of an increasing number of successful and attempted intrusions. A "Myth v. Fact" paper (PDF) prepared by the House Intelligence committee says any claim that "this legislation creates a wide-ranging government surveillance program" is a myth.
Unlike last year's Stop Online Piracy Act outcry, in which Internet users and civil liberties groups allied with technology companies against Hollywood, no broad alliance exists this time. Companies including AT&T, Comcast, EMC, IBM, Intel, McAfee, Oracle, Time Warner Cable, and Verizon have instead signed on as CISPA supporters.
Because Grayson's amendment was not permitted, CISPA will allow the federal government to compile a database of information shared by private companies and search that information for possible violations of hundreds, if not thousands, of criminal laws.
Those include searching the database for "cybersecurity purposes," for the "investigation and prosecution of cybersecurity crimes," for "child pornography" offenses, for "kidnapping," for "serious threats to the physical safety of minors," and any other crime related to protecting anyone from "serious bodily harm."
Rep. Jared Polis, a Colorado Democrat and former Internet entrepreneur, said the "serious bodily harm" language was vague enough to allow federal police agencies to go on fishing expeditions for electronic evidence.
"The government could use this information to investigate gun shows" and football games because of the threat of serious bodily harm if accidents occurred, Polis said. "What do these things even have to do with cybersecurity?... From football to gun show organizing, you're really far afield."
That's why the ACLU continues to oppose this bill, says Michelle Richardson, the group's legislative counsel. Thanks to the amendments that were not permitted, Richardson says, "there's a disconnect here between what they say is going to happen and what the legislation says."
Update, 11 a.m. PT: The House has overwhelmingly approved CISPA, by a 288-127 vote. Here's our article with the details.