Under CISPA, Google, Facebook, Twitter, Microsoft, others can't promise to protect your privacy

Under CISPA, Google, Facebook, Twitter, Microsoft, others can't promise to protect your privacy

Summary: An amendment to CISPA failed to pass. This now means major tech and Web companies will be disallowed under law to promise to protect your privacy.


Major technology and Web companies — not limited to Google, Facebook, Twitter and Microsoft — will not be allowed to promise to protect users' privacy should CISPA pass Congress.

CISPA will soon be voted on in the coming few weeks. (Image: CNET)

For those out of the loop, CISPA will allow private sector firms to search personal and sensitive user data of ordinary U.S. residents to identify this so-called "threat information", and to then share that information with each other and the US government — without the need for a court-ordered warrant.

Under a new amendment voted on earlier today in the U.S. House [PDF], U.S. companies would have been able to keep their privacy policies intact and their promises valid, including terms of service, legally enforceable in the future. 

But the Republicans narrowly failed to get it through by a 5-8 vote to reject the amendment.

According to CNET's Declan McCullagh, Rep. Pete Sessions (R-TX), who chairs the House Rules Committee, urged his colleagues to reject the amendment. And they did. All Republican members of the committee voted against, despite a unanimous show of support from the Democratic membership.

It would have allowed companies to make promises to their customers not to voluntarily share their data with other private firms or the U.S. government under the law, which would have been legally valid and enforceable in court.

It means that those who signed up to services under the explicit terms that data would not be shared — with perhaps the exception of the U.S. government if a valid court order or subpoena is served — would no longer have such rights going forward.

The amendment would have weakened CISPA's position. Now it gives these private firms watertight legal immunity under CISPA to share their customer and user data with other firms and the U.S. government, by being "completely exonerated from any risk of liability," according to Rep. Jared Polis (D-CO) speaking to our sister site CNET.

This gives private sector firms the right to hand over private user data, while circumventing existing privacy laws, such as emails, text messages, and cloud-stored documents and files, with the U.S. government and its law enforcement and intelligence agencies.

Today, the White House threw its weight behind a threat that would see CISPA, known as its full title as the Cyber Intelligence Sharing and Protection Act, vetoed by President Obama should it pass his desk.

A vote on CISPA will go ahead on the House floor either on April 17 or April 18.

(Via CNET)

Topics: Security, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • One question I have is...

    ...if the President of the U.S, who is responsible for supervising the government agencies with whom private companies would be sharing data, doesn't want this, why do so many members of Congress want it? Even if the bill were to pass over President Obama's veto (fat chance), he could issue an executive order barring federal agencies from cooperating, making the law a dead letter until he leaves office.
    John L. Ries
    • What makes you think Obama doesn't want this?

      This is the guy that has expanded the Patriot Act, given himself executive authority to shut down the internet, etc. Of course he wants this.
      • He threatened to veto it

        Any other stupid questions?
        John L. Ries
        • So?

          He threatened to veto NDAA 2011 too, just before he signed it. Your point?
          • Bad comparison

            Bullshit comparison. Obama had to sign the NDAA, otherwise the military would have lost all its funding. He used the veto threat to get Congress to put a loophole in the NDAA so that he could nullify its indefinite detention clause by executive order, which he did upon signing. You may not like Obama (neither do I) but at least give credit where credit is due-- he was between a rock and a hard place, and wriggled out of it in the only way possible.

            If Obama vetoes CISPA... it dies. End of story. Nothing loses funding. So there's no reason Obama would threaten to veto it unless he actually wants it to be gone.
            Zachary Taylor
          • Obama's Fault?? Bullshit Comparison???

            Very good comparison. Both NDAA and CISPA erode US citizens of protections our Constitution guarantees

            NDAA was passed by both the House and Senate. Why do they not get the blame?

            The controversy was the indefinite detention of US citizens, giving the military the power to arrest and hold Americans without the writ of habeas corpus.

            Obama at least attached a signing statement in protest of this provision.

            I still think Obama should not have signed the Bill.

            Furthermore I believe Obama and every Senator and Representative that voted for NDAA violated their Oath of Office to protect the 5th Amendment of the Constitution.

            And the comparison is valid because they will be violating their Oath of Office again with CISPA and the 4th Amendment.

            Oath of Office (Senate): I do solemnly swear (or affirm) that

            I will support and DEFEND the Constitution of the United States against all enemies, foreign and domestic;

            that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter: So help me God.
  • wake up!

    its your fault, people....you are lazy, you don't fight, you deserve it!
    wake up, people and vote completely new parties with professionals, not bankers!
    • How about...

      ...voting for individuals instead; even if you don't think they can win?
      John L. Ries
    • Agreed, but..

      ..the problem is people will never wake up. They continue living their lives after tragedy strikes rather than taking action to better our world. Next time a bombing, shooting or any other disaster remember this.. it can be prevented. Don't know how it can be? If you designed your own future, the way you want to be treated, how you want life to be then you will see that it is possible to prevent most crisis. Just like this.. get to the root of the problem. One example is money. People do things for profit & they don't care who gets hurt. But like i said, people will move on no matter whether or not CISPA takes effect. Instead of voting for the acceptable candidate, we need to put proper people in office who will really make the world a better place, that may never happen though.. because people will never wake up. But, people do have a choice. Either go with the flow or do something about the issues, can't expect someone else to do it, because they won't.
      • Has to start somewhere

        Andrew Jackson is alleged to have said "one man with courage is a majority". Just understand that activism isn't a financially rewarding occupation for most people.
        John L. Ries
        • Reply to John Ries

          Activism is/was financially rewarding for Obama.
    • Don't look at me.

      I didn't vote for this "clown" that called himself a "presidential candidate". Only 3 more years until 2016, though, and I don't think that the "two-term" amendment will be deemed "unconstitutional" by then.
      Richard Estes
    • Most All People (e.g Google Users) Do Not Understand How CISPA Affects Them

      The real problem is almost no one knows how much Google knows about them and saves in their vast databases tables. At least not until someone subpenas their Google records. Or worse the US government declares you a threat to national security.

      Somewhere in the world the US government is holding someone in violation of the US Constitution. Are you next?

      If CISPA is passed it may cause you to be incarcerated at Gitmo with no right to an attorney or due process. First a little background on how that scenario plays out.

      Google states in their Terms of Service they collect data on your sexual and religious proclivities. They know every site you visit, if that site uses Google Analytics, Ad Sense, or DoubleClick. Not only that you visited that site but also each page you viewed and how long you were on that page.

      A survey found that 89% not gMail users do not know Google saves and indexes every incoming and outgoing mail. If you use any Web Mail and use Google Chrome you have given Google the right to collect the content of any web form which includes your Web Mail. That is if you have not disabled Spell Check, Translations, and Search Suggestions. Send or receive an image via gMail? Google not only knows if it is pornographic, but likely they know if it is gay or straight porn. They may very well be able to identify a person in the photo porno or not.

      If you use Google Voice they can store the date, time, length, and content of the voice or text message. Not sure how much they collect from Android users, but there is a reason that they require a Google account do do something as mundane as change the standard font on your Android phone.

      Once you agree to any Google Terms of Service, including Google Search you a bound to the ToS of ALL Google Services. This may not be a lawful clause, but it cannot be challenged if no one reads the Privacy Statement or Terms of Service.

      A recent class action suit against LinkedIn for negligence involving a breach of security the leaked 6.5 million passwords to a hacker was dismissed because the plaintiff did not read the Terms of Service Agreement.

      That's just a small sample of the stuff EVERYONE should know Google collects.

      My favorite is when they say up front in the Privacy Statement they would never disclose any private information about you without your consent. This is knowing full well if you use any Google Service you have agreed to all Google ToS's which state use of the service constitutes consent. This is clearly blatant deception.

      In the Privacy Statement Google states:
      You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.

      But what they are really saying is if you disable cookies the page may not render at all. How many people can disable all cookies and find the Web useful?

      Google mentions an example of Language Preference but that is only to obfuscate all the other devious ways they use cookies.

      Why do Browsers come with Third Party cookies enabled? Why is referrer enabled by default on Browsers? With Third Party cookies enabled Google can read the cookies they planted in your Browser when you are not on google.com.

      But that is only the tip of the iceberg. You can disable cookies on your Browser and Google will use Off Line Storage. If you use Google Chrome (or any Google product you install on your PC) they have your permission to transmit anything they want to "Improve Google Services and Products".

      Wait, that's not all. They have your permission to search your hard drive and collect whatever they want. For example your Browsing History and Cache from other Browsers. That is the smoke screen example.

      When you install Google software on your PC you will find "Google Updater" running in the list of processes. After reading Google's Terms of Service one may likely view the Google Updater as the Google Trojan that transmits the information vaguely described in their ToS. It does not require enormous technical knowledge to eradicate Google Updater from your PC. Except the Google Updater is a decoy. The real Trojan culprit is a fairly well hidden Google process running as a Windows Service buried deep in the bowels of Windows.

      If you do not believe this use Google Search using the term “Google Updater”. Amongst the search results spouting the essential Google Pack software package and how Google Updater is a “wonderful and handy application” , is a discussion form titled “How do I turn off Google Updater”. The highlighted “best answer” is wrong. Google purposely allows this forum discussion to bad mouth Google Updater as the root of all evil. Why? So you do not go looking for the real culprit.

      And if you believe Google does not alter their search results for the good of Google then you are a dumb-ass.

      Most people will interpret the term "Improve Google Services and Products" to mean your preference for what ads you may want to see. Because that is what they want you to think it means. What you must keep in mind they are not just using what they collect to improve the user experience as they want you to believe. Google Products and Services include what they sell to others. Like your private information.

      There are some thing they collect such as religion and sexuality proclivity that they will not sell. They will use it in a psychological profile to sell advertising. And they will give it to anyone with a subpena.

      Anyone that knows how to create, or copy and alter an existing, Subpena Duces Tecum, can submit it to Google that the information to the best of their interpretation of the law and may read read as follows (this example is for copyright infringement, from a Microsoft subpoena received by ThePriateBay.org ):

      All they need to do is include a phrase similar to this:
      I swear under penalty of perjury that I am authorized to act on behalf of Microsoft in regard to its exclusive rights in the work(s) identified above that I believe has been and continues to be infringed as described above.

      It is Google responsibility to use due diligence to confirm the requested information in the subpena is legal.

      This is Google's reason for a clause in their Privacy Statement intended to cover their ass: For Legal Reasons: We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

      Who makes the determination if Google's "good-faith belief" is actually a lawful release of your personal (private) information? Answer: Civil litigators.

      Google exposes themselves to civil litigation every time they release your private information under subpena. What CISPA is doing is reducing the liability. Why? To make it easier to discover information that may be unlawful to release. How? Google will be less likely to object to an unlawful request if there is no liability or threat of litigation. Not their problem any more.

      Currently Google is more likely to object to an subpoena that is not a request from a California Court. On the other hand with some requests it is easier to respond than to get dragged into Court over the matter.

      There are subpoenas for some information that requires probable cause and is ordered by a Judge. Not all decisions made by Circuit Judges are lawful. Almost all laws are subject to interpretation. The legality of any court decision can be challenged by either the plaintiff or defendant, which ever is on the losing side. This can escalate to the State Appeals Court, State Supreme Court, and the US supreme Court.

      When the Feds request data it is unlawful for Google to reveal any information regarding the discovery request. And no one can get the information from the Feds by using the Freedom of Information Act. Why? So you and I will never know how often or to what degree the Feds are abusing the CISPA law.

      Would the Feds abuse their power? The court records make it extremely clear they abuse their power many times every day. They only stop abusing their power when some one like the ALCU sues them. The ACLU uses the Freedom of Information Act to discover these abuses.

      Right now the NDAA Bill signed by Obama January 2011 is currently being challenged in the case of Hedges v. Obama in the US 2nd Circuit Court of Appeals and will likely be finalized by the US Supreme Court.

      It seems apparent to me (and a US District Judge) that when NDAA allows for detention of citizens and permanent residents taken into custody in the U.S. on “suspicion of providing substantial support” to groups engaged in hostilities against the US, and to do so without rights to an attorney or due process is a clear cut case where NDAA violates the 1st, 4th, and 14th Amendments.

      How has the Obama Administration responded? By appealing the US District Judge's decision. Furthermore another US district Judge issued a permanent injunction which prevents the US government from using NDAA to unconstitutionally detain US citizens and permanent residents.

      The US Government is now facing contempt of court charges for not following the judges order that the US cannot unlawfully detain US citizens and permanent residents. They also face contempt charge in their refusal to answer the plaintiff's question if the US has violated the injunction after (not prior to the injunction) the injunction was issued.

      Refusal to answer implies that yes the US has detain citizens or residents after the injunction was issued. This clearly demonstrates the Obama Administration's propensity to lawlessness.

      Is a US government that violates their Oath of Office by refusing to "support and defend the constitution" with contempt and lawlessness, a government that can be trusted with the unregulated terms of CISPA? I think NOT!

      The Feds want to use CISPA to ease the process of violating your 4th Amendment rights and reduce the ability for their abuse to be discovered. CISPA reduces the constitutional obstacles involved in violating your rights and liberties (e.g. removing Google's liability).

      Now here is the scenario that gets you locked up at GitMo for the rest of your life.

      Google tracks and stores every move you make on the Internet.

      You have no way to verify the accuracy of what Google saves about your Internet activity.

      CISPA eliminates the possibility of you finding out you are being targeted in a terrorist investigation.

      When the US government uses CISPA to compile data on terrorist activity, due to Google's erroneous data collection, the US declares you are a threat to national security.

      Using the unconstitutional provisions of NDAA, the US locks your sorry ass away at Gitmo indefinitely, leaving you with no legal recourse to defend yourself.

      Too far fetched for you? Think again. Why does the US, when faced with contempt of court, refuse to answer if the US government has already applied NDAA to any US citizen or permanent resident anywhere in the world.

      They have, this time, you were only lucky that it was not you.

      Somewhere in the world the US government is holding someone in violation of the US Constitution. We will probably never know who or where in our lifetime. These types of secrets are sealed away for 75 years in the interest of national security. This way anyone that gives two shits about secret US government activities will be dead.

      Still you think the US government can be trusted? Google the search term “ACLU Stingray”. You will discover the great lengths the US government is going to keep the little known Stingray surveillance technology a secret.

      Or how about the “NSA's eavesdropping equipment discovered in AT&T's San Francisco central office”? Google the term in quotes. The number one result from Wikipedia is “The NSA Is Building the Country's Biggest Spy Center”.

      San Francisco’s spy center is an example of the NSA's land line surveillance and Stingray is the Cellular surveillance technology.

      When researching this San Francisco discovery I found a tiny obscure news article where the NSA made a request for increased funding to increase the funding for the NSA's recording and data mining of US telephone conversations from the then level of 60% of all US telephone conversations.

      You think Google has massive storage and search capabilities? The NSA records your telephone conversation and also stores the conversations in text format speech to text transcoders. These conversations are indexed similar to the way Google indexes Websites.

      This was revealed to me by a fellow electrical engineer involved with large scale telephone voice compression a storage technology. This engineer had a conversation with a with a government contractor (or sub-contractor) knowledgeable with the NSA's telephone conversation recording project.

      The contractor used an example of how then president Clinton used this technology. They used the search term “Lewinsky cigar” to search the text to locate telephone conversations with these two keywords. Then Clinton's advisors could then listen to the conversations to get the pulse of the general population regard this topic.

      If you were to research the reported sales of hard drives verses the sale of PC's and computers that use hard disks, prior to and during the early years of the Clinton administration there was a very disproportionate number of hard drive manufactured. These were the days before the Internet and search engines became common place and the storage soared. Many of these unaccounted sales of hard drives were used to record your telephone conversations.

      Rule of thumb (somewhat outdated) regarding what you say in a phone conversation: Never say anything on the phone you would not be will to have printed on the front page of the newspaper.

      Typically what happens when a government agency's unlawful surveillance uncovers criminal activity they will never allow the “unlawful” surveillance to be used as evidence in order to keep theses unlawful practices hush hush. What they will do is use other lawful methods to gather evidence. If the courts were aware of the original discovery of the unlawful activity, all the evidence would b e ruled inadmissible under the Fruit of a Poisonous Tree Doctrine.

      One might conclude that this is acceptable behavior as it leads to a reduction in crimes. Except what is being missed by this line of thinking is if law enforcement's unlawful tactics remain unchecked due to your apathy towards civil liberties, then it is just a matter of time before the US becomes so much more of a police state, that the US becomes an undesirable country to line in. Now, on a global level, the US is just an embarrassing country to live in. Is that not bad enough?
  • I swear...

    Everyday these idiot politicians do something to make me want to move to a cabin in the woods of Montana and unplug from everything.
    • Just don't start sending bombs

      We've had enough of that already.
      John L. Ries
      • Thanks for the vote of confidence....

        but I'm not a nut... well, at least not the kind that would hurt people.
        • 4th Amendment Rules, CISPA is not a Constitutional Amendment

          The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

          CISPA is an amendment to the National Security Act of 1947, NOT the Constitution.

          The Legislative Branch can write legislation, but the Judaical Branch can strike down laws which violate the Constitution.

          Laws and their use (or abuse) are interpreted, enforced, and can be ruled unconstitutional, by the Courts.

          Where ever a "reasonable person" has an expectation of privacy regarding their papers and effects, a seizure of them requires probable cause which is determined by the Courts, not Congress.

          Because no one reads Privacy Statements and Terms of Service, no "reasonable person" understands what information is being collected and legally speaking may very well have an expectation of privacy.

          The US Supreme Court has a pretty good track record of protecting the rights of US citizens. The courts have even protected those (the majority) that are ignorant about laws and their rights.

          Voters should take note of which legislators voted in favor of any legislation which infringes on their constitutional rights. CISPA is just one.
  • Unlike the blog author, apparently, I actually

    went and read the bill. It's not the apocalypse everyone is telling you it is.

    Page 6, starting at line 21: "(A) shall only be shared in accordance with any restrictions placed on such information by the protected entity or self-protected entity authorizing such sharing.

    Page 11, starting at line 9: "(3) ANTI-TASKING RESTRICTION. -- Nothing in this section shall be construed to permit the Federal Government to--
    "(A)" require a private-sector entity to share information with the Federal Government.
    • I guess one of the questions is...

      ...do you think that the subjects of data collected collected in confidence have any right to prevent its further distribution. That is to say, do people have any moral (not necessarily legal) right to privacy at all?

      And do the feds have ways to "encourage" the patriotic sharing of data (especially with DOJ prosecutors)? I think they do.
      John L. Ries
    • Except it is Exempt from Freedom of Information Act

      CISPA creates an exception to all privacy laws on the books so that companies holding our private and sensitive information can share it with each other and the government for cybersecurity purposes. This could include the content of chats and emails and people's online browsing histories.

      The Feds have a long history of violating US citizens of their liberties, e.g. NDAA.

      While the paragraph you reference...

      Sec. 1104. (c) Federal Government Use of Information (3) ANTI-TASKING RESTRICTION

      ...is a good thing, how will it be enforced when we have no recourse to discover evidence of violations?

      Freedom of Information Act is the tool that provides us with the ability to discover violations.


      (D) if shared with the Federal Government--

      (i) shall be exempt from disclosure under section 552 of title 5, United States Code (commonly known as the "Freedom of Information Act");

      (ii) shall be considered proprietary information and shall not be disclosed to an entity outside of the Federal Government except as authorized by the entity sharing such information;