In February 2017, rumors began to appear of an ominous warning on Facebook that seemed to target protesters of the Dakota Access Pipeline, or DAPL. The warning apparently reads as follows:
The Department of Homeland Security [DHS], under the authority of the Cyber Intelligence Sharing and Protection Act (CISPA), has informed us that your facebook account may contain material that the U.S. Government finds threatening to national security.
Your complete history on facebook is being sent to the F.B.I. for review.
The message (which claimed to be undersigned by Facebook, the FBI, and the DHS) contained glaring stylistic errors, such as a failure to capitalize “Facebook.” According to digital privacy rights organization the Electronic Frontier Foundation (EFF), the Cyber Intelligence Sharing and Protection Act, or CISPA, was proposed legislation as of 2013:
Under CISPA, any company can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company, and then share that information with third parties, including the government, so long as it is for “cybersecurity purposes.” Whenever these prerequisites are met, CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files.
Right now, well-established laws like the Cable Communications Policy Act, the Wiretap Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act provide judicial oversight and other privacy protections that prevent companies from unnecessarily sharing your private information, including the content of your emails.
And these laws expressly allow lawsuits against companies that go too far in divulging your private information. CISPA threatens these protections by declaring that key provisions in CISPA are effective “notwithstanding any other law,” a phrase that essentially means CISPA would override the relevant provisions in all other laws—including privacy laws. CISPA also creates a broad immunity for companies against both civil and criminal liability. CISPA provides more legal cover for companies to share large swaths of potentially personal and private information with the government.
CISPA lingered in limbo until December 2015. In the course of the passage of a budget omnibus bill, an amended version known as CISA (the Cybersecurity Information Sharing Act, not to be confused with CISPA) was added as a rider to other legislation. The consolidated spending bill was signed into law by President Barack Obama on 18 December 2015.
It is incredibly unlikely that federal law enforcement agencies would reference an obsolete bill in purported warnings sent or received in February 2017. We contacted Facebook to ask whether the social media network had warned users that their profile information would be forwarded to the FBI by the Department of Homeland Security over posts or content related to Standing Rock protests (or if the warning was at all genuine). A representative for Facebook confirmed to us that the screenshot is fake, and no such message exists.