The engineers who designed the Internet focused on connection and communication, not safety and security. That's one reason hackers have been able to take surreptitious control of Internet-connected devices, cripple websites and steal valuable data. Now, lawmakers are considering whether to vastly expand the government's role in protecting Internet services and corporate computer networks against cyber attack. But while the online security threats are serious, encouraging private industry to funnel information to the government poses its own set of problems.
Disturbed by reports of Chinese hackers brazenly raiding U.S. corporate networks to steal trade secrets and track dissidents, the House is expected to take up a bill this week that would allow companies and the government to share more cyber security tips and techniques. The noncontroversial part of the proposal would let federal intelligence agencies disclose sensitive information about cyber threats to utilities, ISPs and corporate network operators. The controversial part would encourage private industry to monitor any and all activity on their networks for cyber security problems and share even potentially sensitive personal information they collect with the feds.
The bill's authors — the top Republican and Democrat on the House intelligence committee — are so eager to beef up the private sector's defenses, they would waive wiretapping rules, privacy regulations and all other laws to let companies use vaguely defined "cyber security systems" to obtain information about cyber threats and share it with anyone, including the Department of Homeland Security. To accommodate the rapid changes in technology and hacking methods, the measure broadly defines the information that companies could monitor, collect and share in the name of cyber security without fear of liability.