“Cyber attacks” would stop very quickly if the FTC actually held companies accountable.

When T-Mobile and Experian leaked 15 million customer records to identity thieves, what was their solution? Two years of (Experian) credit monitoring for customers, and millions of dollars spent lobbying for CISA, a surveillance bill that could give them immunity for leaking private customer data, as long as they share it with the government. This security negligence has to stop. It's time for the FTC to do its job and start fining companies who put their customers at risk. This will give companies an actual incentive to invest in network security, something CISA utterly fails at.

TELL THE FTC: Make T-Mobile and Experian pay for leaking our data!

In yet another case of security negligence, T-Mobile and Experian have leaked millions of people's private information to identity thieves. Meanwhile these companies have been lobbying for immunity under CISA. The FTC should investigate these companies and hold them accountable for any negligence. These breaches could have been prevented, but for too long companies have had no incentive to take their customers' privacy seriously. Please do your job, enforce the law, and send companies a message that privacy isn't optional—it's a human right.

CISA is the opposite of cybersecurity.

Blanket immunity rewards security incompetence.

There are many ways a cybersecurity bill could protect us against foreign hackers. Congress could require government contractors to upgrade from outdated systems like Windows XP, or require companies to notify customers about security vulnerabilities if they can't be fixed within a reasonable amount of time. Basic security hygeine standards around storage of private user data could be established. Unfortunately CISA does none of these things, because government agencies and corporate lobbyists don't want to actually invest in network security. Instead, CISA lets companies get off the hook for the worst types of privacy violations, as long as they share data with the government.

Sharing data with the government puts us all at more risk.

CISA will put more private data in the hands of a staggeringly wide array of government agencies. Agencies like the Department of Commerce, the Department of Energy or the IRS are not equipped to safeguard this data—in fact, all of these agencies have been recently breached. How would giving more private sector data to the U.S. government protect our cybersecurity when these government agencies can't even protect the data they already have?

The FTC already has authority to regulate cybersecurity.

Cyber attacks aren't magic and hackers aren't wizards. Many of the biggest breaches could have been prevented if companies employed basic operational security measures, but companies have too much data and they're not taking security seriously. The FTC has the legal authority to investigate privacy breaches and impose fines and sanctions on companies in cases of negligence. The government already does it for oil spills, why not cybersecurity breaches? If companies faced strict penalties for exposing customers to identity theft, they would actually invest in security. This alone would stop hackers more than CISA ever could.

Dial 985-222-CISA to call Congress now.

Internet users demand meaningful cybersecurity legislation, not more mass surveillance. Millions have already spoken out, and there's still time to send Congress a clear message. Please call your representatives, and share this page to spread the word!

Share Tweet Email