That’s why congress has dedicated select committees that hold hearings with leading experts. Lawmakers handle the lawmaking part (plus the partisan shenanigans), experts inform congress on the necessity of those laws and what they should entail.

Haphazardly.

Congress has committees that have meetings with “experts”. Sometimes these are people with universities, sometimes they’re people who work in a particular industry. This has the advantage that those folks definitely know more about the subject than the people in Congress. It has the disadvantage that you’re basically asking the people who run the industry to make their own laws.

The other method is to pass a broad law and grant authority to an administrative agency. You can create something like the Environmental Protection Agency, and then pass the Clean Air Act. And in the law you say “the EPA has the authority to create regulations to limit the amount of XYZ particles in the air”. You can do the same thing with cybersecurity. And you just push the responsibility on whoever gets appointed to run that agency.

Part of the reason the US President has become as powerful a position as it has, is because the President appoints the leaders of all those administrative agencies. For decades, Congress has invested a lot of their own decision making authority with those agencies. So whoever is in the White House gets to hand-pick who runs the agencies, and decide what regulations they want to create or eliminate.

TLDR: They often don’t

Most law makers barely understand how a computer works, let alone the nuances of cyber security and the realities of piracy and copyright law on the web. Many are hopelessly clueless about the laws they are passing and the consequences they will have.

There’s a famous video of Mark Zuckerberg being asked inane questions from law makers that clearly didn’t understand the basic concepts of internet advertising revenue, data retention, social media manipulation, or even the difference between cellphone brands and couldn’t distinguish the difference between the Internet and ‘The Google’.

Law makers rely on experts and committees to steer direction in terms of laws and regulations. But these committees are also often stacked with lobbyists with corporate interests that steer laws in their own favor.

The short answer is – they don’t. Lots of bills are super long, filled with unrelated items, and voted on without fully understanding what’s in them.

Add in technically complex items like cybersecurity – and the chances they actually understand are very low. Just watch some of the testimony of folks like sundar pichai and it will be apparent they’re clueless

It’s a key reason why many are frustrated with the demographic of congress skewing older – a lot of them don’t understand technology in a way to effectively regulate it

If you think cyber security bills are bad, you should see the same old fools trying to write firearm bills.

The same way people can legislate about traffic without knowing the inner workings of a car engine.

The details are often not important, it’s the overall effect that matters.

Politicians pass bills that they think people want so they can get votes in the next election. Most politicians know very little about the law they are trying to get passed. You might think I’m being cynical, but this is usually true. There is no way that politicians, who are elected based on personality and no actual qualifications, can be experts in every field.

The short answer is: They don’t.

Those bills are often written by lobbyists suggesting wording, or other special interest groups, or (and this is a big one) the Heritage Foundation writing the proposed law and then handing it off to some clueless politician.

Lawmakers don’t write laws. That’s a common misconception. They just vote on them.

Their staffers or lobbyists do. They give a point list of things they want in the new law to their stuff and they write the law. Or they get already written one from lobbyists.

It’s a common knowledge that most of them don’t even read the laws before the vote. And those who actually read them can and do ask experts in the field about it if they feel like it.

More often than not, they don’t. As is the case with most laws they “write” and try to pass. Even very, very serious pieces of legislation (the Affordable Care Act and the Authorization for Use of Force Against Iraq Resolution, for example) ges voted on by people who have barely even read the first page. There’s a reason Congress has an abysmal approval rating.

And it isn’t just Congress, either. States often do the same thing, like California requiring that all semi-automatic firearms sold in the state to microstamp ammunition when it isn’t technically possible (let alone feasible).