Congress Cybersecurity & Tech

Ryan Radia of CEI on the Liability Exemption Provisions of Lieberman-Collins

Paul Rosenzweig
Thursday, July 26, 2012, 12:16 PM
Ryan Radia, who works for the Competitive Enterprise Institute, writes in with a few a couple of addition points about the liability exemption provisions of the Lieberman-Collins bill in Section 706.  He notes:
-          It isn’t clear to me why 706(g) is necessary or desirable. If anything, as you point out, it only serves to increase legal uncertainty. Because section 706 is the exclusive source of immunities conferred upon private entities in Title VII, any sharing/disclosure/monitoring/etc.

Published by The Lawfare Institute
in Cooperation With
Brookings

Ryan Radia, who works for the Competitive Enterprise Institute, writes in with a few a couple of addition points about the liability exemption provisions of the Lieberman-Collins bill in Section 706.  He notes:
-          It isn’t clear to me why 706(g) is necessary or desirable. If anything, as you point out, it only serves to increase legal uncertainty. Because section 706 is the exclusive source of immunities conferred upon private entities in Title VII, any sharing/disclosure/monitoring/etc. conducted under the guise of Title VII that *isn’t* immunized by (a), (b), (d), (e), or (f) remains subject to whatever criminal and civil penalties would attach to such conduct were it carried out today. Either I’m missing something here, or the drafters are. (Or (g) is merely a restatement of the clear inference drawn from the other subsections, in which case it’s surplusage, which drafters seem to love these days.) -          706(b)’s defense goes beyond mere good faith; it is available only to private entities who have a “a reasonable good faith reliance” (my emphasis) that their conduct at issue was authorized by the Title, but not otherwise protected under 706(a). Thus, if a company’s lawyers take reasonable steps to ensure a disclosure of information is authorized by the Title, but it turns out later the information had nothing to do with a cyber threat, the company remains immune from suit. I supported the inclusion of the term “reasonable” here because a subjective good faith standard is fairly toothless, especially if companies are presumed by default to be acting in good faith (as they are in CISPA’s immunity provision, according to the HPSCI committee report on the bill). In my work on copyright and DMCA issues, I’ve written about content companies that send tons of illegitimate takedown notices against YouTube videos that clearly fall within the fair use exception. In many cases, courts have held that because the DMCA only requires senders of takedown notices act in “good faith,” rights holders who send bogus takedown notices face no penalty for “unknowing mistake[s] ... even if the copyright owner acted unreasonably in making the mistake.” Romney and McCain’s campaigns have learned this lesson the hard way on YouTube.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare