Santa Clara University


Business Ethics in the News

Back to Blog

CISPA: Are Privacy Contracts Only as Good as the Law that Mandates Them?

Monday, Apr. 22, 2013

Thursday, the House of Representatives passed CISPA (Cyber Intelligence Sharing and Protection Act): part of which allows companies to break privacy contracts and share consumer personal information with other firms and the US government for “cyber security purposes.” The bill allows companies such as Facebook and Twitter to share account information, messages, and other user data they determine to be cyber threat information, and to be protected from lawsuits if they do. They can do this even when there is no warrant for the information and also when the company has signed a contract explicitly stating it would disclose personal information. While the bill must survive the Senate and a potential veto from the President, many consumer rights advocates are up in arms. Provided that CISPA is passed into law, are companies ethically obligated to honor their preexisting contracts with users?

  Kirk: This is bill is a significant threat to personal privacy. There are tough choices to be made regarding the threat of terrorism, but, as written, this bill goes much too far. Any company could arbitrarily decide what is cyber threat information and then release it without being accountable for the breach of privacy. Privacy guarantees from Facebook, Google, AT&T, and Comcast would be worth next to nothing. It is not surprising some companies are supporting it; they get immunity from lawsuits for violating privacy contracts.

  Patrick: I agree, this bill goes way too far. Nonetheless, if passed, it seems unreasonable to expect companies to opt out of this “free pass” of being insulated from civil lawsuits. The emphasis then becomes how the company handles this transition and the procedure it uses for deeming content “cyber threat” relevant. Companies are obligated to be transparent with users, most importantly in notifying existing users that the privacy agreement and terms of service has changed, and would be obliged to use discretion in releasing information. Hopefully the Senate corrects the House of Representatives’ mistake.

CISPA Vote: House Passes Cybersecurity Bill To Let Companies Break Privacy Contracts

A Framework for Thinking Ethically



Comments Comments

Post a Comment