Bridenstine Votes Against CISPA
Today, after careful consideration, I decided to vote against the final passage of the Cyber Intelligence Sharing and Protection Act (CISPA). To be clear, there are provisions of the bill that are very good and I support, but there are also provisions that prevented me from supporting it.
I support the language in CISPA that enables the government security agencies to rapidly share classified cyber threat information with private companies. The existing Department of Defense cyber security defense industrial base programs have been successful partnerships between the government and eligible companies. Expanding these programs beyond the defense industrial base is a step forward in the government sharing classified cyber threat information and would go a long way to protecting our nation’s networks.
However, CISPA should have stopped there. In my opinion, it went too far in the provisions that encouraged private companies to share information. The bill grants immunity to private companies when they share information with the government and with other private entities. Entities choosing to participate in CISPA could simply not offer customers credible commitments that they will not break privacy contracts. While attempting to increase information sharing, CISPA undermines the sanctity of a contract.
On a slightly positive side, the immunity provision only offers liability protection if the entity shares the information “in good faith.” It is my assessment, however, that “good faith” is too low and too vague a standard by which to render all other federal or state privacy laws and private businesses' privacy contracts unenforceable, as CISPA does. In the coming years, we will likely see how the courts interpret “good faith.”
If enacted into law, CISPA will sunset and return for reauthorization in 5 years.