The public and private sectors have been pushing Congress to substantively address cyber security threats. The Senate has responded in the form of the Cyber Security Sharing Act, also known as CISA. The bill, along with its 22 additional amendments, has been championed by many in both the public and private sectors for addressing shortcomings in the cyber sector; however, advocates in the tech community and pro-privacy advocates have criticized the bill for overstepping privacy boundaries and overlooking several uncontroversial security measures.
Opponents of the bill have proposed three viable alternatives to CISA that offer increased protection for private companies’ cyber security without sacrificing the privacy of their consumers. The first alternative aims to steer hackers away from selling confidential information on the “black” and “grey” markets by creating “bug bounty” programs, which give hackers an incentive to report security vulnerabilities directly to the company itself. American Airlines has already successfully implemented this program and is now offering over 1 million frequent-flier miles to anyone who can report security shortcomings in its websites or apps.
The second alternative, championed by tech community advocates, is clarifying and restructuring the anti-hacking laws currently in place. The language of the Computer Fraud and Abuse Act is overly broad, preventing researchers from conducting legitimate cyber security research to fight cybercrime. Redefining the language of the current cyber security law would allow the tech community to explore potential avenues for advancing cyber security without fear of prosecution.
In addition, leaders in the tech community have urged law enforcement agencies to end the stigmatization of comprehensive encryption. In a recent press release, FBI Director James Comey classified strong encryption as a “threat to national security,” and suggested that all encryption should have “built in vulnerabilities” that could be accessed by law enforcement agencies. Despite Comey’s concern about potential criminals using strong encryption to hide illicit activities, creating built-in vulnerabilities poses a huge security risk to confidential data.