Hill aides, ACLU urge Obama to address cybersecurity bills

Republican congressional aides and a top ACLU lawyer agreed Tuesday that the Obama administration needs to send Congress its views on pending cybersecurity legislation and whether it needs new authorities to monitor and defend Internet networks.

The White House has largely sat on the sidelines as lawmakers and key congressional committees wrangle over competing cybersecurity bills.

"The timing now is important for the administration to offer a proposal," Louis Tucker, minority staff director for the Senate Intelligence Committee, said during a forum hosted by the Heritage Foundation. "We need that to happen. It would help our bosses and everybody in Congress to come together."

Michelle Richardson, legislative counsel for the ACLU's Washington office, agreed. She said Congress should not grant the administration any new authorities to monitor and defend critical networks until the administration explains its current cybersecurity authorities and what it wants from Congress.

Richardson added that the administration should also explain how privacy rights and civil liberties of U.S. citizens would be protected under any new authorities.

Although the administration has not weighed in on the competing legislation in Congress, it has asked for authority to expand its ability to conduct electronic surveillance on new communications tools, such as peer-to-peer services like Skype and Google Chat.

"This is the problem. The train is leaving the station," Richardson said.

The administration's request is under consideration by the Senate and House Judiciary committees. It is being handled separately from efforts to draft comprehensive cybersecurity legislation, which are being undertaken by the Senate Homeland Security and Governmental Affairs Committee and the Senate Commerce Committee.

The two panels are making progress but are still grappling with several unresolved issues, said Brandon Milhorn, Republican staff director and chief counsel for the homeland security panel.

Issues that still need resolved include whether private companies should have liability protections if their information technology networks are compromised; whether the government should have the ability to require the owners and operators of critical infrastructure to undergo audits; and whether companies would have to report breaches of their networks to the government.

Milhorn said lawmakers are still waiting for the Homeland Security Department to comment on the legislation.

It is far from certain that the Senate will be able to come to an agreement on passing a cybersecurity bill anytime soon. Tucker noted that Senate Intelligence ranking member Kit Bond, R-Mo., and Sen. Orrin Hatch, R-Utah, have introduced their own cyber bill. He said Senate leaders have assured Bond and Hatch that their bill would be considered in the mix.

But Tucker said he does not believe a cyber bill would get through the Senate by year's end.

"It looks to me like comprehensive legislation will have to wait until next year," he said. "I'm not optimistic of major cybersecurity legislation passing in this upcoming lame duck."

Milhorn acknowledged that it would be difficult to pass a bill during the lame duck session.

Click here to get a glimpse of National Journal's new website.