CISPA: How Cyber Security Legislation Would Affect Your Business

On April 18, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). The bill is now headed to the Senate for discussion and a vote. The bill allows any government organization or agency to obtain any person’s information that is held by a private online company without first obtaining a warrant.

Although the bill has the support of some major corporations such as Intel and IBM, smaller companies and privacy advocates are concerned that the bill’s vague language will result in Fourth Amendment violations of an individual’s right to privacy. A company’s VPS hosting by MyHosting.com could also be affected if the legislation is signed into law. There are pros and cons to CISPA and the White House has said it might veto the bill if certain provisions are not modified.

Basis for CISPA Legislation

The basic premise behind CISPA is that if there is any indication that there may be a cyber-attack, private companies may share private information with each other and the government and no court-ordered warrant is required.

The legislation also allows private companies to search the personal data of their users and report to the government any information the company thinks appears to be threatening. Again, no court-ordered warrant is necessary.

Reasons Proponents Urge the Passage of CISPA

According to Grant Gross writing for Computer World, supporters of the bill claim that allowing greater sharing of information between companies and the government will result in better detection of potential cyber-attacks from other countries as well as from criminals and terrorists.

Supporters argue that other nations and criminal groups initiate cyber-attacks to obtain customer financial information. They also interfere with air traffic control, banking institutions and other vital systems. Allowing online companies to share information with each other and the government will help detect cyber threats and prevent the attacks from occurring.

Under current law, any private company that shares private information with other companies or the government without a warrant is subject to a lawsuit for violation of users’ privacy rights. This legislation would remove the threat of lawsuit and allow sharing of information without the threat of litigation.  For additional information, please see the Proactive Security tab on our website.

CISPA May Allow the Government to Circumvent the Fourth Amendment

Making any company – including websites like Google and Facebook or cell phone providers – provide user data to any government law enforcement agency without the government needing a warrant violates the precise language of the Fourth Amendment. Current website privacy policies will no longer be applicable if the legislation becomes law.

Although some proponents of the bill claim only information will be provided to the government that relates to cyber-security, the language of the bill is vague. It essentially allows the government to obtain and use any information however it wants to, including probing or investigating other potential crimes. One more disturbing aspect of the proposed legislation is that CISPA does not require any notice to you that your information has been given to the government.

The Obama administration has recognized the flaws in the legislation. The president’s advisors have said they will recommend he veto the bill if it is presented to him in its current form.