Privacy fight returns for cyber bill

Privacy advocates are dusting off a months-old campaign to block cybersecurity legislation that they warn would send too much personal information into government hands.

After failing to prevent a similar bill from passing through the House last year, advocates now want to make sure that the Senate can’t finish the job and send the bill to the president’s desk.  

{mosads}Leaks from Edward Snowden have changed the game, the critics contend, and made their argument about government overreach at the National Security Agency (NSA) an easier sell.

“This is the first time people are having a chance to weigh in with the knowledge of what the NSA is doing,” said Amie Stepanovich, senior policy counsel at the digital rights group Access. “I think it’s fair to say that the appetite for government information collection has greatly diminished.”

The Cybersecurity Information Sharing Act (CISA) makes it possible for companies and government agencies to share information about possible hackers and security weaknesses with each other, which advocates say is critical to make sure that blind spots aren’t left untended for long.

“What most people don’t understand is that 80 percent of the network is controlled by the private sector,” said Rep. Dutch Ruppersberger (D-Md.), the top Democrat on the House Intelligence Committee and one of the backers of the House’s Cyber Intelligence Sharing and Protection Act (CISPA) last year.

“It’s like being a weather forecaster and you’re watching a major hurricane go up the East Coast and you can’t warn anybody,” he said.

“If we could’ve been able to pass the CISPA bill right away, it would have been able to help us prevent our corporations and people from cyber attacks, especially from China and to an extent Russia. An example is Target,” he added, which last year suffered a massive data breach that exposed as many as 110 million shoppers’ data during the holiday season.

The new Senate bill has won support from financial trade groups, among others, who say the legislation is critical to making sure hackers can’t wreak havoc on bank records.

Kenneth Bentsen, chief executive at the Securities Industry and Financial Markets Association, said in a statement that leaders of the Senate Intelligence panel who wrote the bill have “taken a balanced and considered approach which will help the financial services industry to better protect our customers from cyber terrorists and criminals, as well as their privacy.” 

The Intelligence Committee passed the cybersecurity bill this week on a 12-3 vote.  

But now it faces a bigger test as advocates will face off against civil liberties supporters to see if the legislation will even get a vote on the Senate floor. 

Like the House-passed bill last year, critics allege that CISA would make it too easy for personal information to get shuttled to government agencies like the NSA.

Information sent to the Department of Homeland Security, which would operate a portal between agencies and companies under the bill, would automatically be sent to the NSA, critics have warned, without making sure that data is wiped clear of personally identifying information like names or Social Security numbers.

Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) and ranking member Saxby Chambliss (R-Ga.) tried to beef up some of the privacy protections in the version that passed their committee this week, but advocates said it didn’t go nearly far enough.

“The big ticket items have still not been addressed,” said Greg Nojeim, senior counsel with the Center for Democracy and Technology.

While they haven’t been entirely successful, civil liberties advocates have had some victories fighting against cyber-sharing bills in the pass.

The House easily passed CISPA last April, but only after a veto threat from President Obama, who worried that the bill “does not require private entities to take reasonable steps to remove irrelevant personal information” before sharing information.

A similar bill passed the House in 2012, and it, too, drew a presidential veto threat.

Privacy advocates hoped that’s a sign that Obama is on their side and would threaten to veto the Senate bill, if it stood a serious chance of passing.

“We’re hopeful that the president will continue with the precedent that he set of threatening to veto any cyber information-sharing legislation that’s not privacy-protective and that would allow automatic information sharing with the NSA,” said Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute.

Some of the same grassroots action that helped raise alarms about CISPA have already begun again with its Senate partner. 

The Electronic Frontier Foundation is urging supporters to get in touch with their senators and oppose the bill, which the group calls “the wrong way to address our nation’s cybersecurity concerns.” 

Access launched a petition this week calling on Obama “to take a stand against this bill, which attacks our basic human rights, and to promise to veto CISA if it crosses his desk. 

For the bill’s supporters, the pressure is on to move quickly. 

After Wednesday’s vote, Chambliss said that the chamber should pass the bill “before the August recess,” but Feinstein told The Hill that she had not heard any plans to move it from Senate leadership.

Even if it were to get through the Senate and meet the White House’s approval, the House would either have to pass it as well or lawmakers from the two chambers would need to hash out the differences between CISA and CISPA in conference committee. 

And overcoming those obstacles could be an especially heavy lift for a controversial bill in the midst of an election year. 

“Right now the Senate is very busy,” Greene said. “There are a lot of appropriations bills, there’s the election coming up in November. 

“People are really trying to get all theirs Ts crossed and Is dotted,” she added, which could leave CISA out in the cold.