Just as they did in the aftermath of the Sony hackJust as they did in the aftermath of the Sony hack, America's lawmakers are trying to push through flawed cybersecurity legislation in the wake of the T-Mobile hack that has affected as many as 15 million customers.
Senators Dianne Feinstein (D-California) and Richard Burr (R-North Carolina) issued a statement Friday urging Congress to pass the Cybersecurity Information Sharing Act of 2015, a privacy-killing piece of legislation that would allow the federal government and private companies to share information freely.
The bill nominally allows companies to access classified information that lawmakers say could help prevent data breaches such as the one experienced by Experian earlier this week, which exposed 15 million social security numbers. Most importantly, however, it allows companies to share your information with the Department of Homeland Security and local law enforcement, which privacy groups say could create a new method for warrantless wiretapping.
If it sounds familiar, that's because it is: The bill is similar to CISPA, a piece of legislation that was killed after massive protests from many internet users. CISA, its successor, has been bandied about Congress for two years now, but the public backlash against it has kept the Senate from taking a formal vote on it.
Unsurprisingly, Feinstein and Burr say that privacy groups have "mischaracterized" the bill, and urged their colleagues to pass it in a strongly worded statement:
"We woke up this morning to news of the latest major breach of personal information through a cyber hack, with 15 million people's private information stolen from T-Mobile and Experian. For months, we have been trying to pass important, balanced legislation to help companies get the information they need to stop losses like this. Despite strong bipartisan support in the committee and the Senate, and support from the administration and the business community, there are some groups that are opposing the bill out of a knee-jerk reaction against any communication between the government and industry. If these special interest groups are successful in mischaracterizing this bill, which authorizes purely voluntary sharing, they will only succeed in allowing more personal information to be compromised to criminals and foreign countries."
As many have noted, however, the information sharing would be anything but voluntary. Moreover, there's no real evidence that CISA or any other cybersecurity bill would do anything to prevent these sorts of hacks.