A modest response to a real cyberthreat

[Commentary] “Omnibus Funding Bill is a Privacy and Cybersecurity Failure,” the Open Technology Institute declared on Dec. 16 . “Last-Minute Budget Bill Allows New Privacy-Invading Surveillance in the Name of Cybersecurity,” the Intercept blared. Why did Congress, in its massive year-end budget deal, slip in a measure that Gizmodo once called “the worst privacy disaster our country has ever faced”? Because it’s not. The Cybersecurity Act of 2015 is in fact a modest cybersecurity information-sharing law that tech alarmists in need of an outrage have painted as a grave threat to liberty. What these critics often fail to explain clearly is that the law is meant to clear hurdles for companies to share information on cyberthreats with the government -- voluntarily.

Among other things, the critics complain that the measure doesn’t require the government to obtain warrants for the information. That’s nonsensical, because the law does not call for coercive government data collection. The act should be measured “against the daily invasion of our privacy by these hackers,” Rep Adam Schiff (D-CA) said. “Those who believe that [the] perfect should be the enemy of the good have to justify how they’re willing to accept rampant hacking into our privacy and do nothing about it.” We couldn’t agree more.