The Sony hack seems to have prompted a reaction in Congress, where a number of extremely dangerous surveillance bills are moving under cover of "cyber security" legislation. Security experts say the bills would make networks less secure, not more. One of them would create a new exemption to the Freedom of Information Act, potentially enabling newly extensive government secrecy.
Of the five bills (CISA, PCNA, CISPA, CTSA, and NCPA), civil liberties group Access writes:
These bills create brand new privacy-invasive surveillance powers. Every single one of these proposals would reward companies that send user information to the government, including the NSA and FBI, without adequately protecting user privacy. Congress may vote on at least two of the bills as early as this week.
These bills allow companies to “share” just about any type of information [with the federal government], including personal information such as your computer’s IP address and email content. As technologists explain in a letter to leaders in Congress, much of this information is of little use to cybersecurity, and sharing it may even pose a threat to network security.
The bills would also increase the role of intelligence agencies in cybersecurity efforts, opening new avenues for government surveillance. In each case, the agency receiving the information is either encouraged or required to share it with other agencies. Most of the bills designate an office in the civilian Department of Homeland Security to act as the government portal. The PCNA further diminishes civilian leadership by placing leadership in an office of the head of U.S. intelligence. In addition, some of these bills allow agencies to use information ostensibly collected for cybersecurity to investigate a wide array of crimes, many of which are unrelated to ["national security."]
The hack against Sony would have been largely defeated if company executives and the people they communicate with had encrypted their emails. The misnamed "cyber security" bills that look dangerously close to arriving on President Obama's desk probably would not have stopped the Sony hack. The worst of them will, if enacted, grant the government unprecedented, warrantless access to everything corporations know about us, and give companies immunity from lawsuits even if they open the floodgates. What proponents of these bills call "security" makes us much more insecure.
Two years after the Snowden revelations, congress looks close to authorizing extremely dangerous new spying powers that will further erode our Fourth Amendment rights—rights presently on life support. That's heading in exactly the wrong direction.