Starting February 19, every business in the United States must tell the Department of Homeland Security about vulnerabilities in its information technology infrastructure. That’s because today the DHS is quietly activating the Critical Infrastructure Information Act, a law that, like many of the steps the DHS has taken, has managed to displease both industry leaders and consumer advocates.