Hacker News

Unless I misread the bill, CISPA information sharing is opt-in. There is no legal obligation for a company to share your information.


"We got two models for you: either you continue running your site as you see fit, which of course will mean tons of take-down orders, NSLs and other harassment - OR you could OPT IN to our new system which necessitates no further action on your part, as long as you install our little black box here next to your server. Your call."


The USG could do that without CISPA. Why would they need to pass a law to do that?


They could probably, but CISPA (and the things that inevitably come after it) makes it a lot smoother.


That's not the legal obligation you should care about.

Under CISPA, there's no longer any legal obligation to protect your information. There is full immunity for not doing so.


There is immunity for sharing information "in good faith" under CISPA. CISPA is not a blanket authorization to share data.

If an ISP suffers a breach and coughs up huge amounts of PII that they handled negligently, they are absolutely still liable after CISPA becomes a law.


I did mean within the context of security and handing it over to authorities without due process, but it can easily extend to contradict your proposed scenario. If they claim that said negligence was even tangentially related to some other good faith effort to facilitate anything security related, they get a pass.


Keep dreaming ...



