Will New US Cybersecurity Laws Actually Improve Security?

The US House and Senate Intelligence Committee just passed a Cybersecurity Bill that critics argue it is not likely to improve cybersecurity. In fact, because it undermines the privacy of electronic communications by encouraging companies to broadly share private data with the government and each other, it may actually damage cybersecurity.


For anyone who follows intelligence policy, this shouldn’t be a surprise. The intelligence community all too often launches grand new programs without conducting the appropriate research and evaluations to determine whether they will work, or simply create new harms.

The examples are numerous and it is a problem identified long ago by Clark Kent Ervin, the Department of Homeland Security’s first inspector general. As Ervin suggests, when intelligence agencies fail to evaluate their programs, a network of inspectors general, congressional auditors and outside watchdogs often fill the gap. But even when these oversight mechanisms identify an ineffective and wasteful security program, it’s all but impossible to end.

The FBI and National Security Agency had long told Congress and the Foreign Intelligence Surveillance Court that the bulk collection of all domestic telephony metadata was “vital” to its counterterrorism efforts. But once Edward Snowden leaked the program to journalists, these claims crumbled under public scrutiny. The government now admits it didn’t help interdict any terrorist attacks, a conclusion backed by a group of experts the President charged with reviewing it. Yet a bill that would not even have ended the program, but merely narrowed the government’s use of the data, failed last year.

The Cybersecurity Information Sharing Act passed by Senate Intelligence Committee is yet another example of this phenomenon. Experts agree that the bill would do little, if anything, to reduce the large data breaches we’ve seen in recent years, which have been caused by bad cyber security practices rather than a lack of information about threats. If passed by the full Congress, it would further weaken electronic privacy laws and ultimately put our data at greater risk. The bill would add another layer of government surveillance on a US tech industry that is already facing financial losses estimated at $180 billion as a result of the exposure of NSA’s aggressive collection programs.

Intelligence agencies should be in the habit of evaluating all the possible consequences of an activity undertaken in the name of security before it is implemented. As Sen. Ron Wyden, D-Ore., the Intelligence Committee’s lone dissenting vote against the bill, argued, “If information-sharing legislation does not include adequate privacy protections then that’s not a cyber security bill – it’s a surveillance bill by another name.”

We don’t need another surveillance program that doesn’t improve our security. 

Defenseone  http://bit.ly/19EQIT1

« MI6 is in a Technology Race with Terrorists and Criminals
Iran has Built a Cyber Army Faster than Imagined. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

ComCode

ComCode

ComCode provides consulting services and solutions in the area of digitization and cyber security for mid-sized and big businesses.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Drawbridge

Drawbridge

Drawbridge is a premier provider of cybersecurity software and solutions to the alternative investment industry.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

ReachOut Technology

ReachOut Technology

ReachOut is a transformative approach to IT Security, Support, and Guidance. But we’re more than that. We’re passionate IT experts driven to make solutions to your problems.

63 Moons Technologies (63MT)

63 Moons Technologies (63MT)

63 Moons Technologies is a world leader in providing next-generation technology ventures, innovations, platforms, and solutions.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Nihka Technology Group

Nihka Technology Group

Nihka offers full end-to-end ICT solutions from business optimisation, data centre modernisation, cloud connection and management, and ICT security.