Question To Ask Anyone Who Supports CISA: What Breach Would It Have Stopped?

from the simple-questions dept

We've asked this before and no one answered. But with the faux "cybersecurity" CISA bill back on track for another vote, it's time to ask the question again: Can defenders of CISA explain what data breach it would have stopped? This is important, because many of the defenders of CISA keep pointing to things like the OPM hack as an example of why we need "cybersecurity regulations." Just yesterday, Senator John McCain used various recent high profile hacks as proof of why we need such a bill:
The chairman of the joint chiefs of staff is uncomfortable about the cyberthreats to this nation -- which just took place where millions -- MILLIONS! -- of Americans had their privacy hacked into. God only knows what the consequences of that are. And the other side has decided to object to proceeding with a bill that passed through the Intelligence Committee by a vote of 14 to 1. This is disgraceful.
But as policy counsel at the Open Technology Institute, Robyn Greene, recently noted on Twitter, none of the recent hacks would have been stopped if CISA was law.
It seems like a fairly important question, especially when politicians are pointing to those and similar hacks or data breaches as examples of why we must pass CISA. Yet they can't explain how the law would have stopped those breaches (because they can't, because it wouldn't have).

John McCain wants to talk about "disgraceful"? Isn't it more disgraceful to point to an attack that this bill would not have helped with as a key argument for why this bill needs to pass?

This is some pretty serious hand-waving on the part of the politicians. Of course, the truth is that they simply don't understand the details enough to know what they're doing. They just hear from surveillance/law enforcement types saying that we "need cybersecurity legislation" and then they hear about these breaches and they immediately connect the two. Yet, they don't know what the law really does or why it's needed, and certainly don't understand how breaches happen or what it would take to prevent them (if that were even possible). So they just say "well, cybersecurity!" as if that's good enough.

It's not.

The changes brought about by CISA could have a pretty serious impact on our privacy and security and if Congress is going to pass it by pointing to these breaches, they should first be required to explain how the law would have helped to stop any of those breaches. We'll wait.

Filed Under: breach, cisa, cybersecurity, hack, john mccain

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Spaceman Spiff (profile), 5 Aug 2015 @ 6:42pm

    We'll wait.

    Just don't hold your breath!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.