Stewart Baker writes that CISPA "would have undone a couple of overbroad privacy laws from the 60s and the 80s."
But he doesn't tell us the names of those laws.
He also neglects to tell us that CISPA goes much further, by saying that "Notwithstanding" any law, our medical records, passwords, and emails can be shared without telling us.
Baker makes CISPA seem like it would narrowly affect privacy.
In reality, CISPA would broadly destroy privacy.
Baker also implies that ISPs can't share malware information under current law.
In reality, they can. They do it through a non-profit, "the National Cyber Forensics and Training Alliance." Kashimir Hill wrote about it in a Forbes article, "The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA."
SEC. 702. VOLUNTARY DISCLOSURE OF CYBERSECURITY
THREAT INDICATORS AMONG PRIVATE ENTI3
(a) AUTHORITY TO DISCLOSE.— Notwithstanding any
other provision of law, any private entity may disclose law
fully obtained cybersecurity threat indicators to any other
private entity in accordance with this section.
A newspaper publishes a story about illegal activity by a corporation. Then the corporation can contact the email-provider of the journalist who wrote the story, and say the information in the article was based on unauthorized computer access, and therefore they need to read the journalist's emails to find out who contacted him. Then the corporation can fire the whistleblower and may even press charges against the whistleblower.
The law removes all privacy protection with the phrase "Notwithstanding any
other provision of law." Emails, passwords, and medical records can all be distributed under it without the users permission, and without the user ever being told.