I have yet to hear a good argument for why we need CISPA to override all federal and state privacy laws, including laws restricting what companies can turn over to the government in the absence of legal process. In programmerese, CISPA is a wildcard approach -- an "rm -rf *" -- when you haven't done an "ls" to see what's in the directory first. Perhaps one or two need to be overriden for good reason, but why not specify them instead of using a wildcard?
Here are some details: http://news.cnet.com/8301-31921_3-57422693-281/ What sparked significant privacy worries is the section of CISPA that says "notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government." It doesn't, however, require them to do so. By including the word "notwithstanding," House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) intended to make CISPA trump all existing federal and state civil and criminal laws. (It's so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may "have unforeseen consequences for both existing and future laws.") "Notwithstanding" would trump wiretap laws, Web companies' privacy policies, gun laws, educational record laws, census data, medical records, and other statutes that protect information, warns the ACLU's Richardson: "For cybersecurity purposes, all of those entities can turn over that information to the federal government."
