The Senate passed a controversial cybersecurity bill Tuesday night in response to calls for Congress to prevent cyber threats to the United States. This is a continuation of the debate between personal privacy and security, and a decisive victory for those who favor the latter.
In a 74-21 vote, the bill — dubbed the Cybersecurity Information Sharing Act, or CISA — would allow data sharing between corporations and the government on the grounds of security risks. Essentially, the data exchange would allow government access to cyber “signatures” of lower-level hackers that leave behind a digital trail of who they are and where they came from, according to The New York Times.
But while the bill may seem like an effective use of government interference to safeguard vulnerable servers, CISA compromises consumers’ privacy and is merely a formality that enables higher surveillance without substantial protection. In addition, it doesn’t accomplish much of anything for the government in the first place since it was written with now-outdated hacking technology in mind.
This bill, though it will tap into corporations rather than public phones, is a roundabout method of renewing Patriot Act surveillance methods that are unproductive and elusive on civilians. CISA is merely a paper shield to the American people, while the actual security measures the bill boasts are underdeveloped.
The House of Representatives passed two pieces of cybersecurity legislation earlier this year that addressed similar information-sharing initiatives through different methods. CISA came into the fray after one of the worst government cyber attacks in recent memory, in which 22 million government employees’ information was compromised. All three bills will be combined in an upcoming House-Senate conference, where it will receive some tinkering before it reaches the president’s desk.
This bill, more or less, has been in the works for a while. Over the past four years, Congress has been waffling back and forth between moving forward with comprehensive legislation over privacy versus protection debates. This was critical time Congress wasted if it hoped to put together an effective defense, while, in the meantime, hacking grew far more complex and sophisticated than the legislation in question could address.
But as the legislation began to move in the Senate, criticism from the private sector increased. Days before the vote, tech giants, including Facebook and Apple, came out against the bill, stating that CISA will unofficially become a front for government spying.
There’s no denying that the bill needs some serious work. Because CISA was tabled for so long, it is not up-to-date with modern hacking technology — even the bill’s co-sponsors noted that CISA would not have stopped the cyber attack on Sony Pictures Entertainment last year.
But despite the legislation’s potential to halt amateur hackers, CISA represents a larger problem.
Cybersecurity is developing faster than Washington acts, and efforts for larger surveillance without a comprehensive plan of how it will benefit leave unnecessary government interference without significant gain.
Meanwhile, a culture of surveillance is growing without significant reason. Because the Patriot Act expired with no results to show, mass surveillance should have been dubbed a security failure rather than renewed only months later.
Bills like CISA forward the facade of security under surveillance while, in practice, accomplish far less than promised in Washington.