McAfee & Taft tIPsheet - July 2012: When cyber-threat protection and privacy concerns collide By Ryan Lobato


[author: Ryan Lobato]

The Cyber Intelligence Sharing and Protection Act (“CISPA”) is a pending legislative proposal aimed at protecting against cyber-threats and cyber-attacks. CISPA follows the much publicized and now effectively defunct legislative proposals Stop Online Piracy Act (“SOPA”) and the Protect IP Act (“PIPA”) as a means to combat online misconduct. On January 18, 2012, Internet megasites Wikipedia, Craigslist, Reddit, Mozilla, Linux and others voluntarily shut down their websites to protest the passage of SOPA and PIPA. Following these protests, SOPA and PIPA were indefinitely postponed. Although some critics see CISPA as a new SOPA/PIPA, CISPA has a somewhat different aim and has received much less protest from the online community.

While not required to do so, CISPA permits certain technology and manufacturing companies to share users’ personal information with the U.S. government, including information presently protected by privacy laws such as HIPAA (Health Insurance Portability and Accountability Act), VPPA (Video Privacy Protection Act) or FERPA (Family Education Rights and Privacy Act), without disclosing to the users that their information has been shared. Consequently, otherwise private information, including video rental records, book rentals, newspaper subscriptions, online reading or data protected by state consumer protection laws (like utility usage records) may freely be shared under CISPA despite existing privacy rules and sharing safeguards.

CISPA supporters state that the availability of this information will help the government identify cyber-threats and prevent cyber-attacks. Critics state that this is an unnecessary violation of privacy rights, accomplishing no more for the private sector than the currently enacted Wiretap Act and Electronic Communications Privacy Act and allowing the U.S. government unfettered access to private information for which it would otherwise require a warrant.

CISPA was passed by the U.S. House of Representatives by a vote of 248 to 168 on April 26, 2012. While by no means a foregone conclusion, pundits presently speculate that CISPA will not make it onto the Senate’s agenda. Two alternative bills generally aimed at the same measures, the Cybersecurity Act of 2012 (“CSA”) and the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (“SECURE IT”), are likely to be taken up instead.

We will keep you informed of these and other developments as they progress.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McAfee & Taft | Attorney Advertising

Written by:


McAfee & Taft on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.