I have written about CISPA a lot but today is the first important vote on this legislation. If you haven’t done so already, please contact your representatives to let them know you are against this bill. As a reminder it provides for overly broad data sharing between private enterprises and government without any safeguards around how government can use this data.
Now it is easier to be against something when you can also be for a credible alternative. What should that be? There are many private companies either already in business or being formed to fight fraud. For example, at USV we are excited to be investors in Sift Science, which provides fraud detection on a easily affordable self service basis.
So instead of CISPA what we need is legislation that provides an explicit safe harbor for sharing personally identifiable information with companies such as Sift, which combine threat information across many customers, and not have that be a violation of privacy laws. Such a safe harbor will spur private investment in fraud mitigation and innovation. Companies such as Sift in turn should not be turning information over to the government wholesale but only in response to legitimate information requests.
