It has taken billions of dollars in damages from data breaches, foreign-led attacks on government agencies and entertainment houses, but Congress is finally starting to take issues of data and cybersecurity seriously. But while the issues are deservedly being taken up on Capitol Hill, individual’s privacy rights aren’t necessarily a part of the equation.
There are a slew of data protection-related bills floating through Congress, many of them stalled for a myriad of reasons — a fate that might hit the aforementioned bills. But Congress’ sheer interest in doing something to bolster the country’s cybersecurity defenses and protect individuals’ private data should be applauded. however, the tentacles of privacy rights are far-reaching and won’t necessarily be solved through a magic-bullet bill.
Data Protection Bills Appear On Both Sides Of The Aisle
Republicans and Democrats in U.S. House of Representatives are working on two new data protection bills that aim to strengthen the country’s cybersecurity measures. Rep. Will Hurd (R-TX) introduced a new bill Tuesday called the State and Local Cyber Protection Act, which would link state and local governments with the Department of Homeland Security’s (DHS) cyberteam, so they could receive learn DHS strategies needed to better protect their systems and data, the Hill reported. Hurd’s bill would also allow DHS to share information gathered from other government agencies and private companies with state and local governments.
On the other side of the aisle, Rep. Jan Schakowsky (D-IL) is working on a data breach bill that would set a national standard for data security, requiring companies notify customers within 30 days of a breach, and limit data sharing between companies to enhance individual privacy.
The Senate passed the Cybersecurity Information Sharing Act (CISA) last week, a bill that was supported because it would would allow companies to share potential threats and consumer information with the government to better prepare for hacking attacks. The bill was kicked back to the House to reconcile differences between the version it passed earlier this year.
CISA succeeded despite warnings from the privacy and cybersecurity communities, tech companies such as Twitter, Apple, and Reddit. Chief criticisms of the bill point to CISA as a backdoor surveillance bill where non-redacted information shared with DHS could end up with the NSA, or just be monitored without a court order, potentially violating Fourth Amendment protections against unlawful government search and seizure.
Like other bills before it, CISA’s ultimate success is uncertain, as it too could become bogged down in legislative logistics, or even vetoed by President Obama. But while opponents’ concerns are valid and do pose a threat to individual privacy, they don’t address the complications that could arise from relying too heavily on private companies — particularly in the tech industry — to best utilize and protect private data.
Tech companies have been particularly fickle when it comes to privacy, championing anti-government surveillance or free speech initiatives and denouncing or towing the line on regulatory efforts that limit data exposure and sharing.
A look at 16 companies — eight tech giants and eight telecommunications companies — showed they often come up short in terms of honoring their public commitments to privacy and free speech.
According to a corporate accountability report from Ranking Digital Rights, only six of the companies earned at least half of the available points. Google earned the highest rating — 65 percent — in terms of how closely matched its public promises align with its practices.
“Nearly half the companies in the Index scored less than 25 percent, showing a serious deficit of respect for users’ freedom of expression and privacy,” New America’s Ranking Digital Rights wrote in a blog post announcing the rankings.
When it came to disclosing how user information was shared, companies including Facebook, Yahoo, Microsoft and Twitter were not very transparent. Yahoo had the highest rating, disclosing how they collected and shared user information about half the time, with Google doing so about 24 percent of the time.
Trouble Overseas
A recent European Union court decision invalidated an agreement between the U.S. and Europe that allowed companies to transfer consumer data overseas, including online searches and social media activity.
Facebook’s Chief Technology Officer Mike Schroepfer criticized the decision for complicating the purpose of social media.
“If you’re in one country and you publish a photo, and half of your friends are in that country and half are in the U.S, then obviously those people need to have access to that photo,” Schroepfer said at the Dublin Web Summit this week. “It’s complicated in that regard because the whole purpose of the platform is to give individuals the power to share something with whoever they want.”
Facebook in particular has bucked against such regulations before for limiting not only tech companies’ ability to expand globally but potentially stifling innovation. That sentiment could easily apply to industry giants looking to cultivate new markets that may not have privacy, speech or net neutrality protections in place. Thus, Congress relying on these same companies to guard privacy in the U.S., may likely breed a strong conflict of interest.