Shortcomings of Cybersecurity Bills

[Commentary] A series of brazen hacking attacks against companies like Sony Pictures, Target and Anthem have spurred lawmakers in Congress to propose cybersecurity legislation. These bills could help make American networks somewhat less vulnerable to hackers, but they would do so at a cost to the privacy of individuals.

Public interest groups like the American Civil Liberties Union and the Center for Democracy and Technology are concerned that these bills could become a way for government agencies to increase surveillance on individuals. The bills would allow businesses to share data that include some personal information about customers, employees and Internet users. They would also allow government agencies like the National Security Agency and the Federal Bureau of Investigation to use that information in investigations that are not related to cybersecurity without having to obtain a search warrant as they are normally required to do. In addition, the bills would allow businesses to defend themselves against hackers through software that could remotely disable or disrupt the computers or networks suspected of being behind the attack. A broader failing of these bills is that they will not push corporations to make their computer systems more secure from hackers, something that is clearly needed given recent high-profile attacks. For one thing, giving companies immunity from lawsuits even when they fail to respond to credible threats reduces their incentive to invest in more secure systems.

When cybersecurity legislation comes to the Senate floor, lawmakers should fix the shortcomings of these bills.