A Congressman is using the Sony hack as an excuse to revive CISPA
Lawmakers are using the Sony Pictures Entertainment hack as cover to re-introduce what critics describe as a misinformed bill which would provide companies more opportunities to spy on consumers and share any collected information with law enforcement officials.
The bill is called the Cyber Intelligence Sharing and Protection Act (CISPA) and it was first introduced in 2011, when it passed the House but stalled out in the Senate -- not that it would've become law had it passed, since the White House promised to veto the bill.
It's being reintroduced by Rep. Dutch Ruppersberger (D-Md.), a member of the House Intelligence Committee, who told the Hill he's reviving CISPA to "keep the momentum going on what’s happening out there in the world" because "we have to move forward."
The Electronic Frontier Foundation has come out against the revived CISPA and other bills meant to expand companies' ability to share information with themselves and the government without consideration for the effect it might have on consumer privacy.
"New cybersecurity legislation isn't needed and it wouldn't have stopped the Sony hack," the EFF said. "Instead of proposing unnecessary privacy-invasive bills, we should be collectively tackling the low-hanging fruit. This includes encouraging companies to use the current information sharing regimes immediately after discovering a threat."
Companies can already share threat information with each other, the government, and the public. Google did just that earlier this month when it revealed to the public a critical security flaw in the Windows operating system after first sharing it with Microsoft.
Others have sought the government's aid in responding to cyberattacks. The recent data breach at JPMorgan Chase, for example, has even inspired the National Security Agency to lend its aid to the company's response, which I described as the fox guarding the hens.
There's nothing stopping companies from sharing information about digital threats, then. As the EFF notes, preventing or at least mitigating hacks like the one against Sony would require companies to take advantage of tools already at their disposal, not a new law.