Congress is slated to vote on the Cybersecurity Information Sharing Act (CISA)
Jared Polis: This bill trades our privacy rights for the temporary illusion of improved security
Editor’s Note: Jared Polis, a Democrat, is U.S. representative for Colorado’s 2nd congressional district. The opinions expressed in this commentary are solely those of the author.
On Friday, Congress is poised to respond to Americans’ growing concerns about cybersecurity by passing legislation that trades our privacy rights for the temporary illusion of improved security.
Of course, we must improve our nation’s cybersecurity both in the government and in the private sector. Over the past two years, cybersecurity failures in the face of malicious attacks have become alarmingly common. The attacks have compromised sensitive government information, rattled our nation’s tech sector and exposed Americans’ personal information to the public.
But when Congress tackles these issues, we have to distinguish between thoughtful, targeted solutions to problems that empower private sector businesses and sweeping “solutions” meant to convey the appearance of improved security while actually harming it.
A measure slipped at the last minute into a government-funding bill that Congress is slated to vote on this week: the Cybersecurity Information Sharing Act.
If CISA’s only problem were that it’s ineffective, that would be one thing. We’d object to it, but perhaps not quite so strenuously. But CISA doesn’t just fail to address our existing cybersecurity problems; it stands to create a whole raft of new ones.
Worse still, by slipping this bill into must-pass legislation, House leaders are giving privacy-minded members of Congress an impossible choice: allow a bill that threatens Americans’ civil liberties to become law or force a government shutdown.
Forcing representatives to sell out their constituents in this way as a condition of funding the basic operations of the government hardly seems consistent with the “open process” and “regular order” that Speaker Paul Ryan and Senate Majority Leader Mitch McConnell have repeatedly promised.
CISA’s premise is simple: The bill would encourage companies to share information about cyberthreats with the federal government by granting them protection from liability.
In theory, the bill is meant to combat big hacks such as those that affected Sony, Anthem or Home Depot. But in practice, CISA probably wouldn’t have stopped any of these well-publicized attacks and probably won’t stop future ones.
Why? Because information-sharing is only a small part of the comprehensive cybersecurity strategy we need to protect ourselves from hackers – and it’s not even one of the important parts.