The Senate will vote on a cybersecurity bill that’s taken years to get to the floor. The House has already passed a bill known as CISPA, which raised the ire of privacy and technology activists. Even the White House threatened a veto. Now the Senate will get their turn, after a series of maneuvers designed to garner bipartisan support. The White House blessed the Senate bill.
Sen. Joe Lieberman, I-Conn., and other co-sponsors of the long-delayed bill said Tuesday that a series of changes they made to the legislation have won enough Republican support to get it to the floor for consideration.
They dropped regulatory provisions opposed by the GOP that would have required companies operating electric power plants, water supply facilities, financial institutions and other essential businesses to meet cybersecurity standards set by the Homeland Security Department. The new version of the bill instead offers incentives, such as liability protection, to businesses that voluntarily participate in a cybersecurity program.
What should we make of this bill, then? The House bill, CISPA, drew criticism for the lack of privacy protections. This time around, activists believe they have made significant changes to the bill, though not necessarily everything needed to win their support. Here’s the Electronic Frontier Foundation:
This new bill drastically improves upon the previous bill by addressing the most glaring privacy concerns. This is huge, and it’s thanks to the outcry of Internet users like you worried about their online privacy.
Make no mistake—we remain unpersuaded that any of the proposed cybersecurity measures are necessary and we still have concerns about certain sections of the bill, especially the sections on monitoring and countermeasures. But this was a big step in the direction of protecting online rights, and we wouldn’t be here without the support of Internet users contacting Congress in droves.
In particular, the Senate made several changes to their bill. They kept civilian agencies like the Department of Homeland Security in charge of the cybersecurity system, rather than the practically unaccountable National Security Agency. They added protections that limit the instances where law enforcement could receive data collected for cybersecurity if they had evidence of criminal activity, basically cutting off the ability for warrantless snooping and privacy abuses. Only cybersecurity crime investigations or imminent threats of death could trigger this data-sharing capability. Other crimes unrelated to cybersecurity would be ineligible for data-sharing. And free speech protections have been preserved, as First Amendment speech would not be able to be considered a “cybersecurity threat.”
Demand Progress has generated 200,000 contacts with lawmakers in the Senate to restore and preserve privacy protections in the cybersecurity bill. In a statement, however, Demand Progress said that they remain concerned about the legislation. “The draft bill doesn’t go far enough, and many of the protections contained therein could be stripped by floor amendments or in conference, so our members are still urging their senators to vote against final passage of the legislation,” said Demand Progress executive director David Segal. Demand Progress has been working with Senators Ron Wyden and Al Franken, among others, on the bill.
This remains to many a solution in search of a problem. Especially because companies are no longer mandated to meet the cybersecurity standards, the effectiveness of them can be reasonably called into question. At that point, you’re just creating a new regime of data collection (using cybersecurity as the excuse) that could be put toward nefarious purposes and abuse the privacy of Americans, for an unclear benefit. It’s another example of using national security fears to eat away at the civil liberties of the public.
This looks to be one of those bills that everyone wants to pass, so it’s going to take a similar effort as the SOPA/PIPA protests to derail it.