This May, Congress is expected to come together on a bill to protect private entities that secretly share user data with federal agencies. Privacy advocates say the Cybersecurity Information Sharing Act (CISA) threatens Americans’ civil liberties by sanctioning yet another avenue for government surveillance. But there’s another big problem as well: CISA is unlikely to meaningfully prevent cyber-attacks as proponents claim, and could ultimately weaken cybersecurity.
The stated premise behind laws like CISA (and the defeated 2013 Cyber Intelligence Sharing and Protection Act) is that cyber-attacks can be prevented if private network operators are able to quickly report and disseminate information about new threats and vulnerabilities. Proponents envision a seamless, national cybersecurity-threat system to roust the hackers, coordinated by the federal government.