Right now, there’s a lot of talk going around about HR 3523, a bill called CISPA (for Cyber Intelligence Sharing and Protection Act) and while it’s good that Congress is looking into this country’s failing vision on national cybersecurity, it’s also becoming obvious that CISPA is not the answer.

Already, the Electronic Frontier Foundation has released a warning that the language of CISPA is written so vaguely that it means the government could reach out to touch individual users. Already people are beginning to complain that this is another SOPA; but it’s nothing of the sort as it directs its attention at citizens whereas SOPA would have targeted cyberlockers and websites for shutdown. Language in the bill, the EFF argues, could open the door for massive spying and would encourage ISPs, media sites, and possibly even cyberlockers to give up information on their users to the government under the guise of “cybersecurity.”

“There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by ‘cybersecurity purposes’,” EFF writes. “That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats.”

Cybersecurity in the United States is woefully lax and I’d be one of the first security bloggers to push the government to think long and hard about enhancing it, but there’s a tightrope to walk when it comes to the security of citizens. Privacy and security walk hand in hand and make no mistake, we’re not secure because we’re private, maintaining privacy is part of having security itself. The sort of security that I think should be written into law is that which advocates and requires policies that protect privacy, encrypt and house proprietary information, and make it less available to outside sources who haven’t received proper authorization to capture, intercept, or process it.

The EFF and ACLU and privacy watchdogs will jump on this as an obvious state of citizens being spied on. Certainly, there is that. Just as legislation like SOPA would have enabled copyright holders to stifle innovation and put a stranglehold on the cloud—and we know that they’re still trying after hearing it almost like a slip of Chris Dodd’s tongue—decreasing the privacy of users who make use of the Internet, social media, mobile phone networks, cyberlockers, and even the cloud will weaken cybersecurity for everyone.

Any system that has a back door built in purposefully is weaker than one that does not—after all, it has a purposeful flaw.

If we want to be serious about cybersecurity we should spend our energy on bills and legislation that set policy for hardening our defenses and not weakening them. We should be giving technology and information companies reasons to not leave chinks in their armor. Anonymous, AntiSec, and LulzSec are not the scariest Internet boogeymen out there—there’s nation state funded hackers out there—and what amounts to an amorphous bloc of activist hackers successfully break into sheriff’s e-mails and other sensitive records.

It’s about time for the industry to speak up about how they intend to comply with the efforts of law enforcement without endangering their very customers (and the product itself) by embedding very real flaws in it. In fact, we need to rethink the paradigm of cybersecurity legislation and policy so that we’re not constantly trying to tussle between user privacy, enterprise integrity, and security because these three elements are linked and integral to each other.