Congress Fails to Keep Up With Rapid Technology Advances
After the Office of Personnel Management announced in July that hackers had accessed the personal information about more than 21 million Americans who’d applied for government security clearances or served as references, it gave a boost to long-stalled Senate legislation that aims to do something about cybersecurity.
But as the bill’s progress bogged down last month in a tussle over amendments and committee jurisdiction, it demonstrated just how hard technology policy is. Even if Congress ends up enacting a cybersecurity law this year, it will only be after five years of debate and a series of hacks so alarming that 2014 became known as the “Year of the Breach.”
This is the problem for Congress when it deals with technology policy: Advances in the tech world are coming so fast that Congress’ deliberative system can’t keep pace. The advent of cheap and abundant cloud storage is exacerbating the cybersecurity problem right now, enticing hackers to go after the massive quantity of data there. But Congress has no solution.
Indeed, if the Senate bill becomes law, those who have been victimized by hackers may be disappointed with the result. Even the bill’s sponsor, North Carolina Republican Richard M. Burr, says the measure, which would encourage companies to share information about attacks on their networks by offering them immunity from consumer privacy lawsuits, is not going to solve the hacking problem. “What we’re attempting to do is minimize the degree of that loss,” he says.
Burr’s Intelligence panel gave his bill nearly unanimous support in March. For its failure to move in August, his vice chairman, California Democrat Dianne Feinstein, blamed Congress’ fiefdoms, and specifically the protests of Homeland Security and Judiciary committee senators who said they should have a say.
“In some instances they can’t get a bill out of their committee and so it’s unfortunate we are being punished because we can,” she says.
But critics of the bill said the reason Congress has done little about the cybersecurity problem is because many feel it’s better to do nothing than to do something that won’t solve the problem, while at the same time threatening more government intrusions into Americans’ personal information. The specter of Edward Snowden, the former National Security Agency contractor who revealed domestic surveillance by the NSA in 2013, casts a long shadow on Capitol Hill.
The measure’s chief Senate critic, Oregon Democrat Ron Wyden, says the legislation simply “puts more hay on the haystack. It doesn’t make it any easier to find the needle.”
Feinstein touts its narrow scope as something that should make it enactable. But when the House passed two similar bills in April, the measures’ chief critic there, Colorado Democrat Jared Polis, said it hardly made sense to risk more government mishandling of Americans’ personal data if it didn’t solve the problem. Indeed, Polis argues cybersecurity information sharing alone could make the problem worse, since companies will freely publicize the flaws in their security.
Even supporters of the Burr bill, such as Maine Republican Sen. Susan Collins believe much more needs to be done.
“Our laws have simply not kept pace with the digital revolution,” she says, adding Congress is mistaken if it thinks “small, incremental steps will be enough to stay ahead of our adversaries in cyberspace.”
At this point, the real world consequences of congressional inaction seem theoretical to most Americans, but that could change fast. What if Russian hackers start draining billions from U.S. bank accounts, or if identity theft becomes so pervasive it undermines the usefulness of the Social Security number?
Derek Khanna, a former House Republican Study Committee staffer who ran afoul of the copyright industry and lost his job when he penned a pro-technology manifesto in 2012, says it’s no wonder Congress struggles with tech.
“Many senators and members of Congress don’t use email,” he notes. “They’re pretty disconnected with how much the modern world has shifted.”