Lawmakers in the House look set to advance the mark-up of contentious public-private online data-sharing legislation in the next few days.
The House Homeland Security Committee will on Tuesday consider its version of cybersecurity bills in what will be the first of the final efforts to mollify privacy advocates before the hotly-anticipated measures are finalized.
It is expected to pass committee before being shuttled to a full House vote next week–a time that Republican leadership has already dubbed “Cybersecurity Week.”
The proposal–the National Cybersecurity Protection Advancement Act–is similar to cyber data-sharing legislation drafted last year by Homeland Security Committee Chairman Michael McCaul (R-Texas). That legislation collected the endorsement of both prominent liberals, via the American Civil Liberties Union, and a high profile right-leaning organization, in the US Chamber of Commerce, according to The Hill.
The former came to the table because the bill reportedly seeks to address privacy concerns that in 2013 derailed the passage of the Cyber Intelligence Sharing and Protection Act (CISPA) in 2013—legislation that would have granted tech companies blanket immunity when sharing users’ personal information with federal law enforcement officials.
Newer versions of CISPA, besides the Homeland Security Committee bill, are also moving through Congress. At the end of March, the House Intelligence Committee passed it’s own version of cyber-sharing legislation. So, too, had the surveillance-adoring Senate Intelligence Committee.
Some privacy advocates are, however, mistrustful of cyber-sharing legislation altogether, and fear it could lead to the government inappropriately collecting more troves of personal data than it already does.
“So-called ‘insta-sharing’ provisions in most of these bills would ensure that personal information feeds directly into the NSA’s databases,” Amie Stepanovich, the US policy manager for the digital civil liberties advocate group Access, told The Sentinel.
“Most importantly,” she added, “not one of these bills attempts to address the actual problems that account for the vast majority of cybersecurity incidents, including research and development into stronger networks, incentives for increased digital security hygiene, and a prohibition against secret back doors and vulnerabilities built into systems to facilitate surveillance.”
Other privacy-minded groups, however, have adopted a lesser of two evils approach by praising–and claiming–that the the Department of Homeland Security is the proper civilian channel through which information sharing should be facilitated.
“So far the Homeland Security bill is the best,” Greg Nojeim, senior counsel at the Center for Democracy & Technology, told The Hill.
“It makes it clear that information can be shared only for cybersecurity reasons, and be used only for cybersecurity reasons and must be shared with the DHS,” he added.
The legislation would also require tech companies to scrub personally identifiable information from whatever data it shares with federal authorities.
Speaking in November last year, NSA Director Adm. Mike Rogers admitted that there are “very valid” privacy concerns associated with CISPA.
He has, nonetheless, still forcefully made the case several times in recent months for Congress to pass legislation to foster more information sharing between the private sector and government.
President Obama–who threatened to veto CISPA in 2013 due to concerns about the overly broad powers it would have granted to the government and its corporate partners–has been an advocate of cyber-sharing that purports to include some privacy safeguards.
Following last year’s hack on Sony, the White House proposed legislation that included limits on what type of information companies would be able to share with legal immunity, and urged the Homeland Security Department to work with the White House Privacy and Civil Liberties Oversight Board in setting up an information sharing framework.
Questions about what privacy-protections, if any, Congress will include, will clarified somewhat this week.
The Chairman of the House Intelligence Committee, Devin Nunes (R-Calif.), told reporters he’d like to take “the best of both bills.”
But those comments spooked privacy advocates who are already only nominally supportive of the Homeland Security version of the bill.
“It’s deeply concerning that the Homeland Security bill could be co-opted and turned into one of these surveillance bills by another name,” ACLU legislative counsel Gabe Rottman told The Hill.
