House Set to Move Major Cybersecurity Bill This Month

The House will take up cybersecurity legislation on the floor this month after the chamber reconvenes from its spring recess, according to an agenda from Republican leadership.

A memo to members circulated Thursday by Majority Leader Kevin McCarthy has targeted the week of April 21 for consideration, just weeks after a cyber bill cleared the House Intelligence Committee unanimously last month. A companion measure is expected to be introduced and possibly marked up next week in the Homeland Security Committee.

Cybersecurity has been widely viewed by both parties as one of only a handful of policy arenas where Congress can bypass gridlock and pass something of substance this year. Though lawmakers have tried and failed for years to pass information-sharing legislation, recent high-profile data breaches have made the issue a top priority.

"Under constant attack, U.S. computer networks have already sustained numerous high-level security breaches, including the hack of Sony Pictures last fall," the memo reads. "These intrusions have cost American businesses hundreds of millions of dollars, while giving foreign entities access to sensitive intellectual property and military information."

The bill under consideration involves granting companies protection from legal liability if they choose to voluntarily share certain cyberthreat data with the government. Proponents contend that expanding so-called information-sharing between the private sector and agencies like the Homeland Security Department will allow companies and the government to better detect, minimize, and perhaps avoid critical cyber intrusions.

But privacy advocates worry that legislation advancing in both the House and the Senate could bolster government surveillance, as the bills call for real-time sharing of data with the National Security Agency and other government entities.

Still, the quick movement on information-sharing could also be good news for privacy advocates still hungry for an NSA reform bill. A number of lawmakers, including Rep. Adam Schiff, the top Democrat on the intelligence panel, have said the House will not be able to wrestle with surveillance reform until it passes information-security.

McCarthy's note did allude to NSA reform, albeit ambiguously. It stated the House "may consider reauthorization of key provisions of the USA Patriot Act in April." A controversial part of the Patriot Act known as Section 215 is used by the NSA to authorize collection in bulk of Americans' phone records and will expire June 1 unless Congress acts.

NSA reform crumbled in the Senate last November, as the USA Freedom Act came two votes short of advancing due to Republican opposition. House lawmakers are expected to reintroduce next week a version of the Freedom Act in hopes they can race it through before the June 1 deadline.

The Senate is also expected to soon consider a cybersecurity proposal passed by the Senate Intelligence Committee earlier this year. An aide to Majority Leader Mitch McConnell said it was a "priority" but had not been scheduled yet. He added floor consideration was possible before Memorial Day.

The House and Senate will have to reconcile key differences between their bills, particularly with regard to how much they require the scrubbing of personally identifiable information from any data companies choose to share.

Privacy advocates are generally more amenable to the House bill, as it includes explicit prohibition of the use of any collected data for surveillance purposes. But some national security hawks say that bill takes privacy protections too far. Stewart Baker, the former general counsel of the NSA, said in a Washington Post op-ed the measure "appears to pile unworkable new privacy regulations on the private sector information-sharing that's already going on."

President Obama has identified cybersecurity as a top priority of his administration this year—an urgency the administration concedes is due in part to last year's devastating breach of Sony Pictures, which officials blamed on North Korea.