Contact Information

CISPA: ‘Devil Is in the Details’ of Cybersecurity Bill, UB Law Professor Says

expert photo
EXPERT CONTACT :

Mark Bartholomew

Associate Professor of Law

University at Buffalo School of Law

716-645-5959

bartholo@buffalo.edu

Bartholomew is an expert in intellectual property and cyber law. Here, he comments on the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cybersecurity bill pending in Congress.

On the intent of CISPA:
“The basic thought behind CISPA is to enable corporations holding personal online data to share it with the federal government when necessary to prevent a national security threat.”
On why CISPA could raise serious privacy concerns:
“I think CISPA is a good idea, but the devil is in the details. Right now, the language of the proposed act calls for sharing of online data when it is needed to help prevent a ‘cyber threat.’ The real question is how do you define 'cyber threat?'
“I do not want that definition of ‘cyber threat’ to be satisfied except in extraordinary circumstances. There are serious privacy concerns at stake, and personal online data should only be shared with the Feds when it really is needed to prevent a national threat.”
On the difference between CISPA and SOPA, a previous cybersecurity bill that sparked significant protest among consumers:
“SOPA (the Stop Online Piracy Act) was designed to prevent intellectual property infringement, not threats to national security. SOPA was about giving intellectual property-holders and the government the right to shut down infringing websites -- for example, stopping foreign websites that allowed you to watch bootleg copies of Hollywood movies. CISPA addresses a different issue: when is it acceptable for companies to turn over your personal online information to the Feds.”
Why some tech companies like CISPA:  
“It is important to note that the legislation does NOT require companies to turn over your online data to the government. It just allows companies to do so when that definition of cyber threat has been satisfied.
“Companies like Facebook like this proposed law because it gives them legal cover if they turn over personal information and then someone tries to sue them for a privacy violation. They also argue that the legislation will help them coordinate with government agencies and respond to cyber threats to their own platforms more quickly. My big concern is that, if cyber threat is defined too vaguely, it would give the government too great of an ability to snoop through our personal online information.”
On whether CISPA, like SOPA, will spark widespread outrage and protest:
“I don’t know. The online outrage at SOPA was kind of shock to me; usually, pro-intellectual property rights legislation like SOPA just sails through Congress. I think there is definitely the possibility for CISPA to galvanize many in the online community like SOPA did because there are many who do not like the idea of their personal information being shared with others.
“On the other hand, one big force against SOPA was that powerful technology companies like Google and Wikipedia moved against the legislation because they saw it as a threat to their bottom line. Here, I do not know what the corporate constituency is against CISPA. It looks like it is just up to individual citizens (and advocacy groups like the ACLU) to protest if CISPA portends to turn everything into a cyber threat."

Related Q&A: SOPA's Vague Language Could Lead to Wide Restrictions on Information Available on the Internet, UB Expert Says

Related Topics:

CISPA, cyber law, cybersecurity, Internet, SOPA

Login