Civil rights and privacy advocates are mobilizing their forces to combat the passing of Cyber Intelligence Sharing and Protection Act (CISPA), but documents obtained by Electronic Privacy Information Center through a Freedom of Information Act lawsuit has proved that even without such a law, the NSA, the Defense Department and the Department of Homeland Security have found a way to get the information they needed from ISPs and other private sector businesses.
The released documents, which EPIC shared with CNET reporter Declan McCullagh, show that the two entities have pressed the Justice Department to issue so-called “2511 letters” that would allow AT&T, CenturyLink, and other ISPs to share intercepted communications with government entities without having to worry about breaking the Wiretap Act and be held legally responsible for doing so.
Initially, the cybersecurity project was restricted to monitoring defense contractors’ Internet links. President Obama recently widened its scope to include critical infrastructure sectors, including finance and healthcare.
It is unknown how many of these 2511 letters were issued in total, and which private sector companies participate in it.
“The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation,” stated the privacy organization.