October is National Cyber Security Awareness Month. It's a good time to remember that America's formidable cybersecurity challenges require smart, targeted policy reforms that will strengthen our network security by encouraging proactive research and robust defenses. Unfortunately, some in Congress instead choose to prop up the Cybersecurity Information Sharing Act of 2015, an unsuitable bill that could ultimately weaken security while promoting government data extraction.
This act is only the most recent in a line of several failed legislative proposals going back to 2011, seeking to extend legal immunity to corporations that collaborate with federal agents. Supporters of the act argue that customers should not be allowed to sue corporations that share their data with intelligence agencies like the National Security Agency. They fear this layer of legal recourse will make companies less willing to share private information with the government.
But the act is unlikely to improve cybersecurity because it is founded upon flawed assumptions about the problems we face, the government's capabilities and the privacy risks it creates.