Cyberlaw Update: What’s CISPA, and why will Obama veto it?

May 23, 2012

Cyberlaw Theme Month(Editor’s Note: Technology changes so quickly nowadays that it’s sometimes hard to keep up. To help with this, Westlaw Insider will be looking at recent developments and updates in social media law and cyberlaw throughout the month of May.)

For the first week’s post on a Facebook “Like” not being expressive, click here.

For the second week’s post on personal jurisdiction and Facebook, click here.

For the third week’s post on a lawyer taking secret upskirt videos of his employees, click here.

Earlier this year, the House bill “Stop Online Piracy Act” (SOPA) and its Senate counterpart “Protect Intellectual Property Act” (PIPA) sparked public outrage and widespread protests.

Why the unpopularity?

The language in the bills increased websites’ liability for hosting or linking to copyright-protected material – essentially to the level of strict liability.

Because websites found to be infringing could be shut down until any charges were cleared, and because the vast majority of websites allow user content with minimal preliminary review, SOPA and PIPA had the potential to effectively shut down the Internet as we currently know it.

The pervasive unpopularity of both bills stopped them in their tracks, and, as of today, both have been shelved indefinitely.

However, Congress can’t stand idly by while the Internet is open and free for everyone, so it had to do something about it.

Enter CISPA (the Cyber Intelligence Sharing and Protection Act), passed by the House at the end of last month.

How was CISPA able to handily pass the House when neither SOPA nor PIPA got to a floor vote?

CISPA doesn’t face the well-funded opposition from Internet giants such as Facebook and Google that the former two bills did.

In fact, Facebook is supporting CISPA.

Why?

The bill provides exemption from liability for such entities for releasing private information to the government as long as the release of information was “cyber threat information.”

Well, fair enough.

The problem with the bill arises with its definitions, though.

For example, the definition of “cyber threat information” is broad enough to include…

“information directly pertaining to a threat to the integrity, confidentiality, or availability of a system or network of a government or private entity or any information stored on, processed on, or transiting such a system or network.”

and

“information directly pertaining to efforts to deny access to or degrade, disrupt, or destroy a system or network of a government or private entity.”

Two points on these definitions.

First, the owner of the system or network has wide discretion to determine what constitutes a threat to the “integrity, confidentiality, or availability” of its own systems.

Second, pretty much any access to or use of a system or network degrades it to some extent.

So, in effect, the release of private data doesn’t have to relate to an actual cyber security threat, and instead, CISPA would give complete discretion to private system and network owners to release to the government any and all private information they have on their users.

The good news is that, even if it passes in the Senate (which isn’t terribly likely), President Obama has already stated that he will veto CISPA.

Shortly after the bill was passed in the House, the White House released a statement about CISPA pointing out the obvious: that it is an affront to Americans’ privacy and that it hurts consumers.

The bad news is that that same statement seemed to indicate that Obama supports some kind of cyber security bill, so we can be sure that even if CISPA fails (which it likely will), Congress will cook up some other way to destroy Americans’ online freedom and privacy.

Luckily, the Internet – the same system seemingly constantly under siege by Congress –provides a powerful medium of communication with which to fight back.