Crossroads Blog | CYBER SECURITY LAW AND POLICY

anonymity, Criticism, Legislation, Privacy

CISPA keeps chugging

I apologize if you're getting CISPA overload, the bill has been everywhere lately.  Unfortunately, it's going to get worse; the bill is slated to move to the floor next week. The bill has weathered criticism pretty well though.

A quick survey of CISPA related news . . .

***

Brock Meeks wrote for Wired on how CISPA is not the "Son of SOPA."  Notably, SOPA implicated the First Amendment whereas CISPA implicates the Fourth Amendment (through government monitoring).  However, Meeks argued that the bills are similar in that both try to solve a legitimate problem with an extreme solution.  With regard to CISPA, the bill suffers because of those broad information-sharing provisions.  Meeks sees 4 major problems with the bill:

  1. CISPA has an "almost unlimited definition of the information [that] can be shared with government agencies."
  2. CISPA's passage means that the government will monitor even more private communications. 
  3. CISPA would shift government cybersecurity responsibility from "civilian agencies to the NSA."
  4. CISPA could create a back-door wiretap program.

You can find the Wired source article here.

***

Brendan Sasso reported for The Hill on how House Republicans have resisted White House pressure to include mandatory cybersecurity standards in CISPA.  For background, the Senate Democrat's proposal (the CSA), largely backed by the White House, institutes mandatory cybersecurity standards for critical infrastructure providers.  Republicans are opposed to adding regulatory mandates, arguing that businesses don't need more regulation.  This exact same debate raged in the Senate and ultimately ground movement on cybersecurity legislation to a halt.

***

Matt Peckham wrote an article for Time titled 5 Reasons the CISPA Cybersecurity Bill Should Be Tossed.  Immediately misstating the issue, Peckham described CISPA as "a bill proposed . . . to give the government new powers to secure networks and thwart copyright violators."

The article gives the same mix of arguments against the broad information-sharing provisions.  The one new argument was that CISPA forces you "to go to the moon" to hold companies that violate your privacy legally liable.  Specifically, to find willful misconduct, a person must prove that a company (1) intentionally or knowingly (2) disregarded a known or obvious risk (3) that was so great that it made it "highly probable the harm of the act or omission will outweigh the benefit."

***

Matthew Eggers (from the U.S. Chamber of Commerce) wrote an op-ed for US World & News on why CISPA will improve U.S. cybersecurity.  Eggers explained that the business community has embraced CISPA because the bill imposes no new federal mandates, ensures that companies can get threat information to protect their computers and customers, and providers businesses with safe harbor from legal liability for sharing customer information.

With regard to the privacy arguments, Eggers noted that the U.S. government cannot force a company to hand over a customer's private information.  Moreover, the bill will encourage companies to anonymize the shared information.

Leave a Reply

anonymity, Criticism, Legislation, Privacy

CISPA keeps chugging

I apologize if you're getting CISPA overload, the bill has been everywhere lately.  Unfortunately, it's going to get worse; the bill is slated to move to the floor next week. The bill has weathered criticism pretty well though.

A quick survey of CISPA related news . . .

***

Brock Meeks wrote for Wired on how CISPA is not the "Son of SOPA."  Notably, SOPA implicated the First Amendment whereas CISPA implicates the Fourth Amendment (through government monitoring).  However, Meeks argued that the bills are similar in that both try to solve a legitimate problem with an extreme solution.  With regard to CISPA, the bill suffers because of those broad information-sharing provisions.  Meeks sees 4 major problems with the bill:

  1. CISPA has an "almost unlimited definition of the information [that] can be shared with government agencies."
  2. CISPA's passage means that the government will monitor even more private communications. 
  3. CISPA would shift government cybersecurity responsibility from "civilian agencies to the NSA."
  4. CISPA could create a back-door wiretap program.

You can find the Wired source article here.

***

Brendan Sasso reported for The Hill on how House Republicans have resisted White House pressure to include mandatory cybersecurity standards in CISPA.  For background, the Senate Democrat's proposal (the CSA), largely backed by the White House, institutes mandatory cybersecurity standards for critical infrastructure providers.  Republicans are opposed to adding regulatory mandates, arguing that businesses don't need more regulation.  This exact same debate raged in the Senate and ultimately ground movement on cybersecurity legislation to a halt.

***

Matt Peckham wrote an article for Time titled 5 Reasons the CISPA Cybersecurity Bill Should Be Tossed.  Immediately misstating the issue, Peckham described CISPA as "a bill proposed . . . to give the government new powers to secure networks and thwart copyright violators."

The article gives the same mix of arguments against the broad information-sharing provisions.  The one new argument was that CISPA forces you "to go to the moon" to hold companies that violate your privacy legally liable.  Specifically, to find willful misconduct, a person must prove that a company (1) intentionally or knowingly (2) disregarded a known or obvious risk (3) that was so great that it made it "highly probable the harm of the act or omission will outweigh the benefit."

***

Matthew Eggers (from the U.S. Chamber of Commerce) wrote an op-ed for US World & News on why CISPA will improve U.S. cybersecurity.  Eggers explained that the business community has embraced CISPA because the bill imposes no new federal mandates, ensures that companies can get threat information to protect their computers and customers, and providers businesses with safe harbor from legal liability for sharing customer information.

With regard to the privacy arguments, Eggers noted that the U.S. government cannot force a company to hand over a customer's private information.  Moreover, the bill will encourage companies to anonymize the shared information.

Leave a Reply