CISPA lets companies and the government do effectively anything they want with any of your data online – email, IMs, whatever. No limits, no responsibility; just the magic word “cybersecurity” and all rules and agreements are off, and what few legal protections there are get overridden – oh, and did I mention no disclosure? There are a few theoretical limits, but with no disclosure or right to access (including no Freedom of Information Act requests), there’s no way to enforce, which means the limits are meaningless. And even if they weren’t, you have to prove a lack of “good faith” on the part of corporations and government, and if you can’t do that? Immunity from the law for everyone, except you. So, yeah, good luck with that.
For more, see this FAQ from the Electronic Frontier Foundation. US Capitol Switchboard: +1 202.224.3121.