Congress Running Out of Time on Cyber Bill

Senate Majority Whip John Cornyn, R-Texas

Senate Majority Whip John Cornyn, R-Texas Susan Walsh/AP

Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now
Kaveh Waddell By Kaveh Waddell,
National Journal

By Kaveh Waddell,
National Journal

|

Significant hurdles remain for the Senate's proposed cybersecurity legislation, which is competing with at least two other issues for a vote before recess.

After a pair of massive cyberattacks compromised the personal information of more than 22 million people, most of whom work or worked for the government, lawmakers saw an opportunity to push for cybersecurity legislation that has been stuck in Congress for years.

Despite the calls for urgency, passing a bill won't be easy.

The Cybersecurity Information Sharing Act, or CISA, a Senate bill intended to facilitate the exchange of cyberthreat information between the private sector and the government, has been dogged by conflict and concerns about overreach, and is falling prey to partisan fights that have nothing to do with the issue.

Although the plan was to turn to CISA after the highway bill gets a vote, according to multiple Senate sources, senators may instead take up a measure that would defund Planned Parenthood—eating into time the Senate needs to vote on CISA. There's also a possibility that Majority Leader Mitch McConnell will send lawmakers home this week after they vote on a highway funding bill, leaving the cybersecurity bill for the fall.

"I'm sad to say I don't think that's going to happen," Majority Whip John Cornyn said Tuesday about a vote on the CISA bill, according to The Hill. "I think we're just running out of time."

Extra time could help. The cybersecurity bill has numerous political hurdles to clear that may not be easily negotiated during the first week of August, when senators' minds turn to recess. Many senators also hope to have time to propose further amendments to the bill, which may not be possible during a rushed August schedule.

Here's a rundown of the problems facing the cyber bill:

Outstanding privacy concerns

The information-sharing bill has long been opposed by privacy advocates, who say it would effectively broaden the government's powers to spy on Americans.

letter sent Monday from a coalition of security experts, civil-society organizations, and privacy groups urges President Obama to issue a veto threat, arguing that CISA would result in Americans' private information being shared with the government, and criticizing it for allowing the information gathered from private companies to be used for purposes other than cybersecurity.

"While cybersecurity threats continue to be a significant problem warranting congressional action, CISA goes well beyond authorizing necessary conduct, to authorizing dangerous conduct, and unnecessarily harming privacy," said the Center for Democracy and Technology on its blog Tuesday. "Its broad use permissions suggest that the legislation is as much about surveillance as it is about cybersecurity."

Conflict with House bills

There are currently two bills in the House that complement the Senate's cybersecurity legislation, but reconciling the House bills—and then squaring the result with the Senate version—may prove to be very difficult.

The two House bills originated from different committees: One came from the House Homeland Security Committee, and the other from the House Intelligence Committee. Although they are similar in many ways, they differ on some key points, including on liability protection and privacy provisions.

What's more, neither currently lines up with the legislation under consideration in the Senate, which trades fewer privacy protections for more security provisions.

House Homeland Security Committee Chairman Michael McCaul said last month that the Senate's version of the bill would be dead on arrival in the House, because it could trigger fears of expanded surveillance.

"My concern is that they have an NSA information-sharing component in there that I think would be problematic in many ways in the House," McCaul said at a National Journal event. "I've warned them that if that kind of bill comes back, it's not going to pass, and that's the political reality."

A congressional aide said Tuesday that McCaul has not changed his mind about the current Senate bill, but that he is "supportive of Senate action and is optimistic the House and Senate can come together in conference, if the Senate were to pass their bill, to work out remaining concerns."

Unclear White House support

Although President Obama strongly supports information-sharing legislation, and has proposed his own model bills, the White House has not stated a specific position on Senate cybersecurity bill.

Asked about the bill in June, White House press secretary Josh Earnest did not comment on the proposed legislation, instead pointing to the White House's proposal.

"We have pretty aggressively advocated congressional passage of that legislative language," he said.

The administration publicly came out in support of the two House bills in April, but has in the past issued veto threats against an information-sharing bill it said did not go far enough to protect Americans' privacy.

Questions about effectiveness

In addition to raising privacy concerns, some security experts say information-sharing legislation would do little to improve cybersecurity.

The sheer volume of information that would be disseminated under the bill would overwhelm law enforcement and intelligence entities that would have to pick through it, they say, and finding the needle in the haystack would be very difficult.

"CISA does not work. Private industry already has exactly the information sharing the bill proposes, and it doesn't prevent cyber attacks as CISA claims," wrote Robert Graham, a security expert and researcher, on his blog in March, when the bill was introduced. "On the other side, because of the false-positive problem, CISA does far more to invade privacy than even privacy advocates realize, doing a form of mass surveillance."

Sen. Ron Wyden, a Democrat from Oregon and a longtime supporter of digital privacy in the Senate, also said CISA would "have a limited impact on U.S. cybersecurity" in a March statement.

Wyden, the only member of the Senate Intelligence Committee to vote against the bill when it was passed in March, has called CISA a "surveillance bill by another name" and has been active on Twitter with the hashtag #StopCISA, crediting privacy advocates with pressuring Congress not to pass the bill.

If and when CISA goes in front of the Senate—whether it's this month or in the fall—Wyden and his privacy-minded allies will likely marshal a heated opposition to the measure, further complicating its path to the president's desk.

NEXT STORY: Why Identity-Theft Protection Isn’t All It’s Cracked Up To Be

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.