Responding to Sony Hack, Senate Advances Major Cybersecurity Bill

The Senate Intelligence Committee passed a controversial information-sharing measure Thursday, despite fears it could embolden more NSA spying.

National Journal
Dustin Volz
Add to Briefcase
Dustin Volz
March 12, 2015, 12:24 p.m.

The Sen­ate In­tel­li­gence Com­mit­tee ap­proved a bill Thursday seek­ing to in­crease the shar­ing of di­git­al data between the gov­ern­ment and private sec­tor, mark­ing the first ser­i­ous move to up­grade the na­tion’s cy­ber de­fenses since the crip­pling hack on Sony Pic­tures late last year.

In a closed-door meet­ing, the pan­el ad­vanced 14-1 the Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act, which would provide ex­pan­ded leg­al li­ab­il­ity to com­pan­ies so they more eas­ily share di­git­al data with the gov­ern­ment—an ar­range­ment the bill’s back­ers say would help de­tect, pre­vent, and re­spond to cy­ber in­tru­sions.

The bill’s pas­sage comes des­pite con­cerns from pri­vacy ad­voc­ates that the meas­ure will bol­ster the gov­ern­ment’s powers to con­duct even more sur­veil­lance on Amer­ic­ans.

Sen­ate In­tel­li­gence Com­mit­tee Chair­man Richard Burr called the vote a “truly his­tor­ic” step for­ward that will al­low com­pan­ies to de­ploy “dif­fer­ent de­fense mech­an­isms” to block and lim­it cy­ber­at­tacks.

“This bill will not pre­vent [all cy­ber­at­tacks] from hap­pen­ing,” Burr told re­port­ers. But he ad­ded that the le­gis­la­tion would have gone a long way in min­im­iz­ing the dam­age wrought by re­cent hacks on com­pan­ies ran­ging from An­them In­sur­ance to Home De­pot.

Only Demo­crat­ic Sen. Ron Wyden, a staunch civil-liber­ties ad­voc­ate, op­posed the meas­ure, call­ing it “a sur­veil­lance bill by an­oth­er name.”

“Cy­ber­at­tacks and hack­ing against U.S. com­pan­ies and net­works are a ser­i­ous prob­lem for the Amer­ic­an eco­nomy and for our na­tion­al se­cur­ity,” Wyden said in a state­ment im­me­di­ately after the vote. “It makes sense to en­cour­age private firms to share in­form­a­tion about cy­ber­se­cur­ity threats. But this in­form­a­tion shar­ing is only ac­cept­able if there are strong pro­tec­tions for the pri­vacy rights of law-abid­ing Amer­ic­an cit­izens.”

The vote marks Con­gress’s first ma­jor step on cy­ber vul­ner­ab­il­it­ies since last year’s Sony hack made data se­cur­ity a top pri­or­ity for the White House and law­makers in both parties. It also ar­rives amid a string of hacks, such as the re­cent theft of data of some 80 mil­lion An­them In­sur­ance cus­tom­ers.

Sen­ate lead­er­ship has in­dic­ated it wants to move quickly on the in­form­a­tion-shar­ing bill. An aide for Sen­ate Ma­jor­ity Lead­er Mitch Mc­Con­nell said the le­gis­la­tion was a “pri­or­ity” but did not yet have a timetable for hit­ting the floor. Burr in­dic­ated a floor vote could hap­pen as soon as April.

“14-1 means I have all the con­fid­ence in the world to go to Sen. Mc­Con­nell and get this ex­ped­ited,” Burr said.

The meas­ure still faces sev­er­al po­ten­tial road­b­locks—and chief among them are the pri­vacy con­cerns that helped stall the bill’s pro­gress last sum­mer.

After the Sen­ate in­tel­li­gence com­mit­tee passed a sim­il­ar ver­sion on a 12-3 vote, that bill failed to gain trac­tion amid con­cerns that it would pave the way for com­pan­ies such as Google and Face­book to share more per­son­al data with in­tel­li­gence agen­cies. Un­der the bill, cy­ber in­form­a­tion is routed through the De­part­ment of Home­land Se­cur­ity, which can then be shared in real-time with oth­er gov­ern­ment agen­cies.

“This isn’t an in­form­a­tion shar­ing bill at all,” Gabe Rottman, a le­gis­lat­ive coun­sel with the Amer­ic­an Civil Liber­ties Uni­on, said in a state­ment. “It’s a new and vast sur­veil­lance au­thor­ity that might as well be called Pat­ri­ot Act 2.0 giv­en how much per­son­al in­form­a­tion it would fun­nel to the NSA,” he ad­ded, re­fer­ring to the post-9/11 le­gis­la­tion un­der which the in­tel­li­gence com­munity de­rives much of its spy­ing au­thor­ity.

Des­pite the push­back, in­form­a­tion-shar­ing has leapfrogged oth­er policy pri­or­it­ies in re­cent months—both in Con­gress and at the White House—due largely to the Sony breach, which gov­ern­ment of­fi­cials pub­licly blamed on North Korea. Law­makers of both parties have said the Sony hit awakened them to the im­port­ance and ur­gency of passing cy­ber­se­cur­ity le­gis­la­tion, and the is­sue earned some ded­ic­ated at­ten­tion dur­ing Pres­id­ent Obama’s State of the Uni­on ad­dress in Janu­ary.

It is not im­me­di­ately clear wheth­er the White House sup­ports the lan­guage the Sen­ate pan­el ap­proved, however. Though the ad­min­is­tra­tion views in­form­a­tion shar­ing as a key cy­ber­se­cur­ity pri­or­ity, Obama did is­sue a veto threat in 2013 when the House passed a CISA coun­ter­part. The le­gis­la­tion lacked ap­pro­pri­ate pri­vacy safe­guards and ran the risk of grant­ing cor­por­a­tions too much im­munity, the pres­id­ent said at the time.

Sen. Di­anne Fein­stein, the in­tel­li­gence pan­el’s top Demo­crat, told re­port­ers after the vote that she had been in dis­cus­sions with White House chief of staff Denis Mc­Donough and that “he be­lieves a num­ber of im­prove­ments have been made.”

To com­bat pri­vacy con­cerns, the in­tel­li­gence com­mit­tee cir­cu­lated a CISA draft last month that con­tained ad­di­tion­al pro­tec­tions, such as tough­er re­quire­ments on scrub­bing per­son­ally iden­ti­fi­able in­form­a­tion be­fore com­pan­ies can enter in­to the in­form­a­tion-shar­ing ar­range­ment. On Thursday, Fein­stein said that Demo­crats had sub­mit­ted 15 pri­vacy amend­ments, and that 12 had been ac­cep­ted either in part or in full.

CISA’s pas­sage in­dic­ates it is the pre­ferred route for­ward on in­form­a­tion-shar­ing among con­gres­sion­al lead­er­ship. Sen. Thomas Carp­er, the top Demo­crat on the Home­land Se­cur­ity Com­mit­tee, in­tro­duced a sep­ar­ate info-shar­ing bill last month with lan­guage that closely ad­hered to the White House’s re­com­mend­a­tions. But Carp­er in­tro­duced the meas­ure without a single co-spon­sor, and it has yet to gain trac­tion.

Pri­vacy ad­voc­ates gen­er­ally saw the White House pro­pos­al on in­form­a­tion-shar­ing, which was trot­ted out this year, as an im­prove­ment over pre­vi­ous it­er­a­tions of CISA. But some also said they could not sup­port any in­form­a­tion-shar­ing le­gis­la­tion if Con­gress did not first pass sub­stant­ive NSA re­form. Ex­ist­ing au­thor­it­ies to NSA spy­ing un­der the Pat­ri­ot Act are due to sun­set on June 1, mean­ing law­makers will have to act in some fash­ion be­fore then or risk let­ting cer­tain sur­veil­lance pro­grams ex­pire en­tirely.

Skep­tics of the bill passed Thursday were fur­ther agit­ated by the secrecy of the pro­cess. The vote was held dur­ing a closed-door meet­ing—a stand­ard prac­tice for the in­tel­li­gence com­mit­tee.

“The bill is com­plex and it needs a lot of work,” said Greg No­jeim, a seni­or coun­sel at the Cen­ter for Demo­cracy & Trans­par­ency. “The com­mit­tee’s con­sid­er­a­tion of a bill like this, which will im­pact the pri­vacy of In­ter­net users world wide, should nev­er be un­der­taken be­hind closed doors.”

The com­mit­tee is ex­pec­ted to pub­licly re­lease the passed lan­guage Fri­day or Monday, a Fein­stein aide said.

What We're Following See More »
Trump to Begin Covering His Own Legal Bills
1 days ago
Steele Says Follow the Money
1 days ago

"Christopher Steele, the former British intelligence officer who wrote the explosive dossier alleging ties between Donald Trump and Russia," says in a new book by The Guardian's Luke Harding that "Trump's land and hotel deals with Russians needed to be examined. ... Steele did not go into further detail, Harding said, but seemed to be referring to a 2008 home sale to the Russian oligarch Dmitry Rybolovlev. Richard Dearlove, who headed the UK foreign-intelligence unit MI6 between 1999 and 2004, said in April that Trump borrowed money from Russia for his business during the 2008 financial crisis."

Goldstone Ready to Meet with Mueller’s Team
1 days ago

"The British publicist who helped set up the fateful meeting between Donald Trump Jr. and a group of Russians at Trump Tower in June 2016 is ready to meet with Special Prosecutor Robert Mueller's office, according to several people familiar with the matter. Rob Goldstone has been living in Bangkok, Thailand, but has been communicating with Mueller's office through his lawyer, said a source close to Goldstone."

Kislyak Says Trump Campaign Contacts Too Numerous to List
1 days ago

"Russian Ambassador Sergey Kislyak said on Wednesday that it would take him more than 20 minutes to name all of the Trump officials he's met with or spoken to on the phone. ... Kislyak made the remarks in a sprawling interview with Russia-1, a popular state-owned Russian television channel."

Sabato Moves Alabama to “Lean Democrat”
2 days ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.