The Senate is getting ready to vote on the Cybersecurity Act of 2012, which is considerably less ham-fisted that some previous efforts at online security legislation, as it primarily offers incentives for private industries to cooperate in voluntary partnerships with the intelligence community. There are some worries that these voluntary programs won???t be comprehensive enough to provide adequate protection from large-scale attacks from hostile governments or hacker collectives. Others fear that even these voluntary programs will compromise online privacy too much. And of course, there is the general, and not at all groundless, fear that any sweeping security legislation is likely to produce a lot of regulatory sludge, as archaic Washington bureaucracy grinds against the fast-moving high-tech world of the Internet.
Like all large-scale regulatory initiatives, the Cybersecurity Act of 2012 (CSA) includes many different programs and regulatory initiatives. Some are more provocative than others. For example, CSA would establish a ???National Cybersecurity Council??? with representatives from the Departments of Commerce, Defense, Homeland Security, and Justice. It???s supposed to help improve the electronic defenses of critical infrastructure components, such as utility companies. This would hardly be the first time a blue-ribbon inter-agency panel has been convened to analyze a potential threat.
There are also programs within the bill to improve the overall security of government computer systems, and fund more research and development for defensive technologies. It is debatable that the private sector needs any more incentives to work on such security products, since there is already great demand for them, and the private sector is keenly aware of the losses it can incur to hackers and data thieves.
More controversial are measures designed to encourage ???information sharing??? between the private sector and government security agencies. Part of this effort involves clearing away artificial barriers that prevent security and law enforcement entities from communicating efficiently with each other, while tracking down online criminals and saboteurs. But there are also incentives for private companies to work together, and share information with the government, which makes privacy advocates nervous.
Information would be shared both ways, as the CSA encourages federal agencies to share valuable data on security threats with private corporations, and even allows the government to provide security clearances to private electronic security staff, when a vital need to share classified information is perceived.
As always when dealing with matters of online security, it is necessary to share information to effectively combat online threats ??? this is warfare conducted on a battlefield constructed of data ??? but improving access to data carries the risk of threatening individual privacy. Improved efficiency in data sharing strengthens our national and private-sector systems against attack, but also makes citizens apprehensive, as their personal information floats before an increasing number of eyes, with greater speed. Even data that most people wouldn???t consider particularly sensitive or personal becomes cause for alarm when they know it will flow quickly between multiple government agencies, and be shared with numerous private corporations.
The risk to privacy is not necessarily invasive. It doesn???t have to consist of cops or corporate security officers aggressively cracking into intensely private information. Privacy can be passively threatened by highly efficient data sharing, and such efficiency is a prime goal of the CSA.
Of course, the CSA has accumulated a few amendment barnacles as it chugs through the murky waters of the Senate. The strangest is an amendment sponsored by Senator Chuck Schumer (D-NY), which seeks to attach a limit on the purchase of high-capacity gun magazines to the CSA. Citizens worried about government power metastasizing in ways that will threaten their privacy, no matter how innocuous the language of today???s legislation, are not reassured by the spectacle of opportunistic politicians stitching gun control legislation into a ???cyber security??? bill.