Rep. Michael McCaul said he's concerned about elements of the Senate bill that could allow the NSA to collect more information on Americans.
The Senate's version of a cyber-information-sharing bill is doomed should it be sent over to the House in current form, the chairman of the House Homeland Security Committee said Wednesday.
Republican Rep. Michael McCaul, who authored a cyber-information-sharing bill that overwhelmingly passed the House in April, said the current version in the Senate would trigger fears of more spying by the National Security Agency—and that makes it a nonstarter in the House.
"My concern is that they have an NSA information-sharing component in there that I think would be problematic in many ways in the House," McCaul said at National Journal's "Cybersecurity: Managing the Risks of the Digital Frontier" event, underwritten by Zurich. "I've warned them that if that kind of bill comes back, it's not going to pass, and that's the political reality."
McCaul's information-sharing bill passed the House a day after similar legislation from the House Intelligence Committee. Both bills are aimed at improving the private sector's and the government's cyber defenses by making it easier for companies to share information about cyber-threats with each other and with the government.
But the Senate has been slow to pick up information-sharing legislation, even after a series of high-profile data breaches at the Office of Personnel Management was made public this month.
"Quite frankly, I'm getting frustrated that they cannot get this work done in the Senate." McCaul said. "This bill, if sent to the president, would probably be signed into law tomorrow."
The holdup isn't for lack of trying from the top rungs of the Senate. Republican Majority Leader Mitch McConnell tried to move cybersecurity legislation forward earlier this month by attaching a cyber-information-sharing bill to the National Defense Authorization Act, a must-pass defense policy bill.
But McConnell's move was met with stiff opposition from Senate Democrats, who said the measure merits open debate and an amendment process that it can't have while tethered to the NDAA. Two days later, the Senate voted not to consider McConnell's amendment as a part of the defense bill.
The legislation on which McConnell attempted to force a vote, the Cybersecurity Information Sharing Act, passed the Senate Intelligence Committee in March, with just one vote against it. The dissenting vote was cast by Oregon Democrat Ron Wyden, who has taken to calling the legislation a "surveillance bill by another name."
Wyden's concerns are shared by privacy advocates, who say the bill would allow the NSA access to information shared between the private sector and the government.
"Congress should be working to limit the NSA's overbroad authorities to conduct surveillance, rather than passing a bill that would increase the NSA's access to personal information and private communications," wrote a coalition of privacy organizations and security experts in a March letter addressed to the Senate Intelligence Committee.
McCaul said Wednesday that the Senate has a chance to fix the CISA bill by opening it up to amendments on the Senate floor. But he warned senators against trying to push through their own version of a bill, using the fight over the USA Freedom Act last month as a cautionary tale.
"So they're going to do the USA Freedom Act, their version. And then they're going to get a filibuster by someone who's running for president," McCaul said, referring to Sen. Rand Paul's10-hour speech last month against the NSA-reform bill. "And then it gets blown up, and then they'll decide, 'OK, I guess we'll just pass what the House did.'
"The easier thing for them to do is to pass our bills," he said.
McCaul said his cybersecurity bill could have prevented the data breaches at OPM that may have compromised the sensitive personal information of as many as 18 million current and former federal workers, because the personnel agency could have been able to identify the threat to its data before it was targeted and its defenses breached.
"If we had information-sharing, we could've blocked it in the first place," he said.
While McCaul noted that the Senate measure faces criticism over potential pathways to spying, his own measure has also been coolly received by privacy advocates.
Robyn Greene, policy counsel at New America's Open Technology Institute, wrote in April that OTI opposes both McCaul's bill and its sister from the Intelligence Committee, but called McCaul's bill the lesser of the two evils. And Greg Nojeim, director of the Freedom, Security, and Technology Project at the Center for Democracy & Technology, wrote in April that the Homeland Security bill misses the privacy mark by adhering to an overbroad definition of the "cybersecurity purposes" for which the government can use information shared by the private sector.
The White House earlier this month reiterated its calls for Congress to pass cyber-information-sharing legislation, when press secretary Josh Earnest called on Congress to "come out of the Dark Ages."
On that issue, the president has McConnell on his side. In remarks made on the Senate floor Wednesday morning about OPM Director Katherine Archuleta's Thursday appearance in front of the Senate Homeland Security Committee, the Senate majority leader said, "Whatever happens tomorrow, one thing doesn't change: the need for the Intelligence Committee's cybersecurity bill we tried to pass earlier this month."
McConnell added, "I'll continue working with my colleagues to that end."