While the need for better sharing of information might be necessary in some cases, in its current form CISPA represents a particular danger – a mutually reinforcing combination of public and private threats to privacy. Here are seven things you should know about this pending legislation:
1. CISPA would allow companies to share potentially sensitive customer data with each other in ways that would otherwise be inconsistent with current laws that protect consumer privacy, such as the Electronic Communications Privacy Act (ECPA). As the ACLU notes, “[h]ealth records, gun records, tax records, census data, educational records – essentially all information now protected under privacy laws carefully considered and passed by Congress over the past decades –would no longer have that protection as cybersecurity information if these bills are to become law.” CISPA would also allow the government to require companies to share customer data without the warrant or subpoena that would be required under current law. The privacy rights of customers may be violated, in other words, without substantial evidence that they pose any kind of security threat.
2. CISPA would also pre-empt state laws that provide more privacy protection than the federal standard. Citizens in some states would face diminished privacy rights both now and in the future.
3. Companies would be broadly immunized from both criminal and civil liability for sharing personal data under CISPA. This is important, because the threat of lawsuits is crucial to ensuring that companies respect the privacy of their customers. Under CIPSA, conversely, corporations would have little incentive to err on the side of protecting privacy and would not face legal sanctions for even wholly unjustified invasions of privacy.