CISPA Renders Online Privacy Agreements Meaningless, But Sponsor Sees No Reason To Fix That

from the all-talk dept

Polis: Why wouldn't it work to leave it up, getting back to the contract part, and I think again there may be a series of amendments to do this, if a company feels, if it's voluntary for companies, why not allow them the discretion to enter into agreements with their customers that would allow them to share the information? ...



Rogers: I think those companies should make those choices on their own. They develop their own contracts. I think they should develop their own contracts. They should enforce their own contracts in the way they do now in civil law. I don't know why we want to get in that business.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

CISPA's sponsors insist the law is 100% voluntary—it doesn't compel companies to do anything. But as we've been warning for a year and warned again yesterday , the bill's blanket immunity provision doesn't merely clear a "legislative thicket" of laws restricting information-sharing about cyber threats. It also bars companies from making enforceable promises to their users about how they might share users' information with the government or other companies in the name of protecting cybersecurity. Yesterday the House Rules Committee refused to allow bipartisan amendment , sponsored by Rep. Justin Amash to fix this problem, to be brought to the floor for a vote.At that Committee meeting (1:01:45), the bill's chief sponsor Chairman Rogers emphatically repeated his earlier assertions that CISPA wouldn't breach private contracts in response to questions from Jared Polis:And yet... CISPA will go to the House floor as written, providing an absolute immunity from "any provision of law," including private contracts and terms of service.Only in Congress can you swear up and down that your bill doesn't do X, then refuse to amend it so that it really doesn't do X—and then lecture those who note the disconnect, like Polis, with patronizing comments like "once you understand the mechanics of the bill..." (1:02:50).It brings to mind what Galileo said after he was forced to sign a confession recanting belief in Copernicus's heretical idea that the Earth revolves around the sun: "And yet, it moves."And yet... for all Rogers' bluster, CISPA moots private contracts—and House Republican leadership won't fix the problem, even when five of their GOP colleagues offer a simple, elegant fix. This is the same stubborn refusal to accept criticism and absorb new information that brought us SOPA, PIPA and a host of other ill-conceived attempts to regulate the Internet. It's the very opposite of what should be the cardinal virtue of Internet policy: humility . Tinkering with the always-changing Internet is hard work. But it's even harder when you stuff your fingers in your ears and chant "Lalalala, I can't hear you."The good news is that, as with SOPA, this fight transcended partisan lines, uniting a Democrat like Jared Polis (an openly gay progressive from Boulder) with a strict constitutionalist like Justin Amash (the "Ron Paul Republican" from Grand Rapids Michigan)—and four more traditional Republicans. This is precisely the realignment predicted 15 years ago by Virginia Postrel in. On one side are those profoundly uncomfortable with change, desperate to control and plan the future, and so insecure about their own understanding of technology that they inevitably perceive criticism as a personal attack. On the other are those far more humble and more willing to let the future play out in all its messy unpredictability. The first camp is always pushing for the one, right piece of legislation that will avert a crisis. The second camp admits they don't know the one, best way to deal with a problem like encouraging sharing of cyberthreat information while protecting user privacy, so they reject static rules that can only be changed by Congress. They want simple rules for a complex world. At a minimum, they want what law Professor Richard Epstein argues in his book--the perfect slogan for this camp--"the most ubiquitous legal safety hatch adds three words to the formal statement of any rule: unless otherwise agreed."It's not a battle between Left and Right, or conservatives and progressives. It's a battle between attitudes towards the future: theof Congressmen like Mike Rogers and Lamar Smith (of SOPA infamy) and theof Justin Amash and Jared Polis, and SOPA foes like Republicans Darrell Issa and Jason Chaffetz and Democrats Ron Wyden and Zoe Lofgren.The dynamists may have lost this battle. But, like Galileo, we'll eventually win the war. The only questions are: How many more poorly crafted, one-size-fits-all laws will the stasists put on the books in the meantime? How long it will take to clear the"legislative thicket"--all the complex laws that attempt to provide a single answer for a complex and unknowable future? And when will it finally become unacceptable for Congressmen like Mike Rogers to ram through legislation that doesn't even do what they claim?

Filed Under: cispa, cybersecurity, dynamism, house rules committee, jared polis, justin amash, mike rogers, privacy