So, in this law the government and internet companies can voluntarily share information about cyber threats and suspicious activities online. However, the problem with voluntary sharing programs is that they can turn into “voluntary” programs. What do I mean? Well, if the government is not required to give the information to all parties that could be affected in some sort of terrorist act the government could decide to give information to companies that are sharing information with the government. Additionally, the government could punish companies, like Twitter, that fight the government over privacy issues by not sharing information.
These are pretty obvious problems with this type of law. It assumes that each event is independent and previous actions have no consequent. This is a faulty premise. If this is viewed as a multi-turn prisoner’s dilemma, it’s obvious that with repeat interactions the best actions will always be to share. This will likely lead to sharing when there are cases of doubt over if the company should share or not. Companies will fault on the side of security over privacy, because the future benefits outweigh any punishment the users can enact on the companies.
These types of pseudo quid pro quo is impacting the US government in other ways including lobbying. It is likely that this information exchange will be used by companies whenever there are negotiations for future laws. They will be able to say, “you need to respect our rights to X, look how friendly we’ve been with the government” and then show a list of times they voluntarily gave data to the government. This was a tactic that Ma Bell used to keep their monopoly as long as they did. Because the company was providing the government with extra public goods (military research), the government was willing to over look the fact that the company was a monopoly and perhaps should be broken up.
CISPA is a dangerous law that we need to carefully weigh accepting. We need to pressure internet companies to step away from the law. We also need, if it passes, better understanding of when companies hand over data willingly and for what reasons. We should also be notified any time a company hands over our data about us to the government for any reason.