CISPA Voids Private Contracts, Undermines Rule of Law

WASHINGTON, D.C., April 17, 2013 — The U.S. House of Representatives will soon vote on final passage of H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA).

The Competitive Enterprise Institute, a free market think tank, strongly urges Members of the House of Representatives to vote “Nay” on passage of CISPA.

The following statement may be attributed to Ryan Radia, Associate Director of the Center for Technology & Innovation at CEI:

We support voluntary information sharing about cyber threats and applaud lawmakers for rethinking outdated federal laws that inhibit Web firms’ ability to defend their networks. Yet CISPA goes far beyond untangling this web of legal barriers – it voids private contracts and undermines the rule of law. Although a bipartisan group of lawmakers, led by Rep. Justin Amash, proposed an amendment to address these concerns, the House Rules Committee rejected this crucial amendment.

While CISPA’s sponsors emphasize “voluntary” information sharing, the bill actually cannibalizes private contracts between cloud computing providers and their customers, which include many individuals and small businesses. CISPA’s sweeping immunity provision in subsection (b)(4) permits a provider to break its privacy promises to users with impunity. Indeed, the bill gives firms blanket immunity for all acts involving cyber threat information sharing, so long as such acts are taken in “good faith” – even if companies have not taken any reasonable steps prior to sharing information to ensure that it pertains to an actual cyber threat.

CISPA also permits government agencies to recklessly mishandle private information, providing absolutely no recourse to businesses and individuals harmed by such wrongdoing unless the violation is “willful[] or intentional[].”

If information sharing is to be truly voluntarily – and if the cloud computing revolution is to realize its vast potential – Internet providers must be able to make enforceable promises about when they’ll share user information and with whom. CISPA violates this proviso and should be rejected by the House of Representatives.

>> For more on CISPA, see Ryan Radia’s essay in RedState with Berin Szoka, CISPA Shouldn’t Infringe on Freedom of Contract.