By April 24, 2012

CISPA’s “Good Faith” Carrot Needs No Stick

Free CISPA Wallpaper

One of the perplexities regarding CISPA is why any company would voluntarily turn information over to the government?

And why sre some of the biggest internet brands actually supporting it? What’s in it for Facebook and Google and Microsoft?

After all, logging and storing and transmitting the information would take effort and demand resources perhaps better used for other things. And, of course, there’s the potential blowback from your customers and users.

Or to put it another way, “I know what you want. What’s in in for me?”

Turns out that CISPA provides a rather big exemption from liability for those who “voluntarily” participate. To quote the EFF:

The bill provides “good faith” immunity for using “cybersecurity systems” to obtain information, for not acting on information that a company learns, and for making any decisions based on the information they learn.

If a company learns about a security flaw, fails to fix it, and users’ information is misused or stolen, companies cannot be held liable as long as the company acted “in good faith” according to CISPA.


CISPA grants surveillance power to private entities “notwithstanding any other provision of law,” which could override the right to sue under laws such as the Wiretap Act, the Stored Communications Act, and the Computer Fraud and Abuse Act.

As such, companies lose any legally based incentive to protect user privacy, like federal or state privacy laws that stop companies from sharing sensitive personal information like health records or financial data.

And to make things even better, participating in the sharing of cyber-security information is in itself deemed to be “good faith” by the law.

Have a hacker steal millions of financial records, health records, or credit card numbers, and as long as they were participating in CISPA, they were acting in “good faith” to secure their networks, and as such can not be sued for failing to protect their customer’s personal data.

Complete and total excemption from privacy lawsuits? All for sharing a bit of data with the Feds?

I mean, if you were a corporate CEO, you’d almost be considered negligent NOT to sign up.

Who needs a stick to force compliance when you have one monster carrot?

Don’t just read about this. Take a moment and use the EFF’s automated system to call or email your representative now. Stop CISPA.

Related Stories

[Via The EFF]


Donate To
flattr this!

Smart-Grips For New iPad