Letter to the Editor: ‘Modest’ Doesn’t Describe the CISPA

Your editorial "Who's Afraid of #CISPA?" (May 21) rightly argues that facilitating voluntary information sharing is a vastly superior approach to bolstering America's cyber defenses than the new regulatory mandates backed by President Obama and Sen. Joe Lieberman. The Cyber Intelligence Sharing and Protection Act would help untangle the web of federal laws that impede companies from sharing information about cyber threats with other companies and the government.

CISPA, however, is anything but "modest." While its sponsors emphasize "voluntary" information sharing, the bill would cannibalize private contracts between cloud-computing providers and their customers, including many small businesses. Like Mr. Lieberman's bill, CISPA contains a sweeping immunity provision that would let companies break their promises not to divulge information they promised to keep private. For truly voluntary information sharing to work—and for the cloud computing revolution to realize its vast potential—Internet providers must be able to make enforceable promises about when they'll share user information and with whom.