Will New US Cybersecurity Laws Actually Improve Security?

The US House and Senate Intelligence Committee just passed a Cybersecurity Bill that critics argue is not likely to improve cybersecurity. In fact, because it undermines the privacy of electronic communications by encouraging companies to broadly share private data with the government and each other, it may actually damage cybersecurity.


For anyone who follows intelligence policy, this shouldn’t be a surprise. The intelligence community all too often launches grand new programs without conducting the appropriate research and evaluations to determine whether they will work, or simply create new harms.

The examples are numerous, and it is a problem identified long ago by Clark Kent Ervin, the Department of Homeland Security’s first inspector general. As Ervin suggests, when intelligence agencies fail to evaluate their programs, a network of inspectors general, congressional auditors and outside watchdogs often fills the gap. But even when these oversight mechanisms identify an ineffective and wasteful security program, it’s all but impossible to end.

The FBI and National Security Agency had long told Congress and the Foreign Intelligence Surveillance Court that the bulk collection of all domestic telephony metadata was “vital” to their counterterrorism efforts. But once Edward Snowden leaked the program to journalists, these claims crumbled under public scrutiny. The government now admits it didn’t help interdict any terrorist attacks, a conclusion backed by a group of experts the President charged with reviewing it. Yet a bill that would not even have ended the program, but merely narrowed the government’s use of the data, failed last year.

The Cybersecurity Information Sharing Act passed by the Senate Intelligence Committee is yet another example of this phenomenon. Experts agree that the bill would do little, if anything, to reduce the large data breaches we’ve seen in recent years, which have been caused by bad cyber security practices rather than a lack of information about threats. If passed by the full Congress, it would further weaken electronic privacy laws and ultimately put our data at greater risk. The bill would add another layer of government surveillance on a US tech industry that is already facing financial losses estimated at $180 billion as a result of the exposure of NSA’s aggressive collection programs.

Intelligence agencies should be in the habit of evaluating all the possible consequences of an activity undertaken in the name of security before it is implemented. As Sen. Ron Wyden, D-Ore., the Intelligence Committee’s lone dissenting vote against the bill, argued, “If information-sharing legislation does not include adequate privacy protections then that’s not a cyber security bill – it’s a surveillance bill by another name.”

We don’t need another surveillance program that doesn’t improve our security. 

Defenseone  http://bit.ly/19EQIT1
