X

CISPA permits police to do warrantless database searches

Amendment was shot down that would have required warrants before police could peruse shared information for any evidence of hundreds of different crimes.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read
Rep. Alan Grayson unsuccessfully tried to require police to obtain a warrant before they could peruse CISPA-shared data.
Rep. Alan Grayson unsuccessfully tried to require police to obtain a warrant before they could peruse CISPA-shared data. Getty Images

A controversial data-sharing bill being debated today in the U.S. House of Representatives authorizes federal agencies to conduct warrantless searches of information they obtain from e-mail and Internet providers.

Rep. Alan Grayson, a Florida Democrat, proposed a one-sentence amendment (PDF) that would have required the National Security Agency, the FBI, Homeland Security, and other agencies to secure a "warrant obtained in accordance with the Fourth Amendment" before searching a database for evidence of criminal wrongdoing.

Grayson complained this morning on Twitter that House Republicans "wouldn't even allow debate on requiring a warrant before a search."

That's a reference to a vote this week by the House Rules committee that rejected a series of privacy-protective amendments, meaning they could not be proposed and debated during today's floor proceedings. Another amendment (PDF) that was rejected would have ensured that companies' privacy promises -- including their terms of use and privacy policies -- remained valid and legally enforceable in the future.

CISPA is controversial because it overrules all existing federal and state laws by saying "notwithstanding any other provision of law," including privacy policies and wiretap laws, companies may share cybersecurity-related information "with any other entity, including the federal government." It would not, however, require them to do so.

That language has alarmed dozens of advocacy groups, including the American Library Association, the American Civil Liberties Union, the Electronic Frontier Foundation, and Reporters Without Borders, which sent a letter (PDF) to Congress last month opposing CISPA. It says: "CISPA's information-sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records or the content of e-mails, to any agency in the government." President Obama this week threatened to veto CISPA.

CISPA's advocates say it's needed to encourage companies to share more information with the federal government, and to a lesser extent among themselves, especially in the wake of an increasing number of successful and attempted intrusions. A "Myth v. Fact" paper (PDF) prepared by the House Intelligence committee says any claim that "this legislation creates a wide-ranging government surveillance program" is a myth.

Unlike last year's Stop Online Piracy Act outcry, in which Internet users and civil liberties groups allied with technology companies against Hollywood, no broad alliance exists this time. Companies including AT&T, Comcast, EMC, IBM, Intel, McAfee, Oracle, Time Warner Cable, and Verizon have instead signed on as CISPA supporters.

Because Grayson's amendment was not permitted, CISPA will allow the federal government to compile a database of information shared by private companies and search that information for possible violations of hundreds, if not thousands, of criminal laws.

Those include searching the database for "cybersecurity purposes," for the "investigation and prosecution of cybersecurity crimes," for "child pornography" offenses, for "kidnapping," for "serious threats to the physical safety of minors," and any other crime related to protecting anyone from "serious bodily harm."

Rep. Jared Polis, a Colorado Democrat and former Internet entrepreneur, said the "serious bodily harm" language was vague enough to allow federal police agencies to go on fishing expeditions for electronic evidence.

"The government could use this information to investigate gun shows" and football games because of the threat of serious bodily harm if accidents occurred, Polis said. "What do these things even have to do with cybersecurity?... From football to gun show organizing, you're really far afield."

That's why the ACLU continues to oppose this bill, says Michelle Richardson, the group's legislative counsel. Thanks to the amendments that were not permitted, Richardson says, "there's a disconnect here between what they say is going to happen and what the legislation says."

Update, 11 a.m. PT: The House has overwhelmingly approved CISPA, by a 288-127 vote. Here's our article with the details.