Cybersecurity Debate Begins, Major Questions on Internet Privacy RemainJuly 27, 2012 - by Donny Shaw
The Senate voted 84-11 on Thursday to begin debate of the latest version of the Lieberman-Collins cybersecurity legislation. The version of the bill they’ll be debating, S.3414, addresses many of the privacy concerns in the original, but it still poses some problems for civil liberties. Here are a few things to watch as the debate progresses.
Information Sharing — First and foremost, groups like the EFF say that section 701, which covers “information sharing” and has origins going back to the House’s truly awful CISPA bill, still gives web companies too much authority to violate internet users’ rights. According to Sen. Al Franken in a speech on the Senate floor, the section would "give ISPs and other companies a brand new right to monitor communications and deploy countermeasures. That right is very broad. So broad that if a company uses that power negligently to snoop in on your email or damage your computer-they will be immune from any lawsuit.”
An amendment from Sens. Franken, Wyden and Paul that would remove section 701 from the bill entirely will be voted on next week. A competing amendment, from Sen. McCain, that would make Sec. 701 worse for privacy by allowing companies to share internet users’ information directly with the NSA and allow the government to use the information for any purpose, will also be voted on. Amendment votes are expected next week.
Breakdown over critical infrastructure — There is still disagreement over another major portion of the bill dealing with critical infrastructure. In its current form, the bill would provide incentives for web companies that meet government-defined minimum security standards. That’s far weaker than the mandatory standards in the original version, but the U.S. Chamber of Commerce, which has significant influence with many senators, calls this section “overly prescriptive.”
If the Chambers’ issues with the bill cause it to fail, it’s possible that the Senate would then move to the Chamber-backed McCain bill, known as SECURE-IT. That bill doesn’t cover security standards at all, but it is awful on privacy. It’s very similar CISPA — eliminates all existing privacy laws and provides full legal immunity for companies that share user info with the government. McCain’s bill doesn’t have any Democratic backers at the moment, but it’s conceivable that it could get some because word is that there’s a lot of pressure coming down from the White House to get one of the cybersecurity bills passed into law. Unfortunately, the specific details of the bill could take a backseat to just getting some bill passed.
Conference Committee — Anything the Senate passes will have to reconciled with the House’s cybersecurity bill, CISPA, in a bipartisan conference committee and then approved again by each chamber. It’s hard to imagine the House going along with any form of critical infrastructure standards, so that leaves us with basically just the information sharing provisions. The White House has stated its intent to veto CISPA, saying that it “treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres.” However, there is some doubt that the President would ultimately follow through with the veto if something essentially similar to CISPA, but slightly altered, were to reach his desk.