In the modern age of digital information and the explosion of mobile technology, the balance between liberty and surveillance has become more prominent as businesses and lawmakers alike have sought to strengthen cyber security in society. Unfortunately, in practice, the scale continues to be tilted far more heavily against citizens’ freedoms.
The scales stand to tip further with the Senate’s passage of the Cybersecurity Information Sharing Act, a bill that proponents claim will allow businesses to share information with the federal government in order to strengthen their security protections. Unfortunately, much of the action outlined in the legislation has more to do with legal protections for businesses than actual cybersecurity measures, and these protections stand to come at the expense of consumers’ private information being made available to federal agencies.
According to the Guardian, if passed by Congress and President Obama, CISA will create a program within the Department of Homeland Security with which corporations will voluntarily share user information, which can include detailed financial and health information, with federal agencies.
On the surface, these actions of the bill, considered separately from their motives or intended effects, seem very intrusive and entirely unnecessary. Other citizens might disagree, but I personally would rather not have my consumer information shared with the federal government, and there is not any good reason why they should have access to it.
The action of allowing businesses to share consumers’ private information also does nothing to strengthen cybersecurity by itself. If companies are simply sharing a copy of the information with federal agencies, then the information is going to be stored in more places digitally, and therefore more available to potential hackers. If companies are instead transferring their consumer information to the government, which is far less likely, that also does not enhance cybersecurity as it simply transfers ownership of the information to another source.
Are legislators running on the assumption that the federal government is somehow leagues above the average security firm at protecting information? That’s a dangerous assumption to make about an agency that due to its size, cannot operate as quickly as independent hackers and just last week saw the email of the Director of the Central Intelligence Agency hacked by a teenager. As Shlomo Touboul, CEO of cybersecurity firm Illusive Networks points out in Forbes, “Cyber attackers are organized like malicious, agile start-ups that don’t require consensus for success, while government legislation and consortiums don’t move at the same speed as a cyberattackers.” So if CISA isn’t created to effectively protect consumers’ private information, what is it designed to secure?
Here’s the kicker: If this bill is passed, in exchange for sharing consumer information with federal agencies, participating corporations will receive complete immunity from Freedom of Information Act inquiries and regulatory action pertaining to the data they share. In other words, CISA is essentially an incentive for businesses to share private consumer information with the government in exchange for liability protection and freedom from certain regulations and pesky citizen freedoms like Freedom of Information Act requests.
Cybersecurity is important and I will not deny that organization should pay greater attention to protecting their customers’ information in this day and age, but this bill is not the way to go and should not be passed. CISA represents another tilt in the scales against citizens’ freedoms and rights to privacy, and has been represented extremely dishonestly by its proponents. The government should not have access to our private financial and health consumer information, and it’s wrong to try to incentive businesses to betray their customers’ trust by further freeing them from liability and public scrutiny. This bill is a step in the wrong direction, and the only thing it should be shared with is the trash.
Collegian Senior Columnist Sean Kennedy can be reached at firstname.lastname@example.org or on Twitter @seanskenn.