The Senate’s Cybersecurity Bill Is in Trouble

Significant hurdles remain for the Senate’s proposed cybersecurity legislation, which is competing with at least two other issues for a vote before recess.

Majority Whip John Cornyn
National Journal
Kaveh Waddell
Add to Briefcase
See more stories about...
Kaveh Waddell
July 28, 2015, 4:01 p.m.

After a pair of massive cy­ber­at­tacks com­prom­ised the per­son­al in­form­a­tion of more than 22 mil­lion people, most of whom work or worked for the gov­ern­ment, law­makers saw an op­por­tun­ity to push for cy­ber­se­cur­ity le­gis­la­tion that has been stuck in Con­gress for years.

Des­pite the calls for ur­gency, passing a bill won’t be easy.

The Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act, or CISA, a Sen­ate bill in­ten­ded to fa­cil­it­ate the ex­change of cy­ber­threat in­form­a­tion between the private sec­tor and the gov­ern­ment, has been dogged by con­flict and con­cerns about over­reach, and is fall­ing prey to par­tis­an fights that have noth­ing to do with the is­sue.

Al­though the plan was to turn to CISA after the high­way bill gets a vote, ac­cord­ing to mul­tiple Sen­ate sources, sen­at­ors may in­stead take up a meas­ure that would de­fund Planned Par­ent­hood — eat­ing in­to time the Sen­ate needs to vote on CISA. There’s also a pos­sib­il­ity that Ma­jor­ity Lead­er Mitch Mc­Con­nell will send law­makers home this week after they vote on a high­way fund­ing bill, leav­ing the cy­ber­se­cur­ity bill for the fall.

“I’m sad to say I don’t think that’s go­ing to hap­pen,” Ma­jor­ity Whip John Cornyn said Tues­day about a vote on the CISA bill, ac­cord­ing to The Hill. “I think we’re just run­ning out of time.”

Ex­tra time could help. The cy­ber­se­cur­ity bill has nu­mer­ous polit­ic­al hurdles to clear that may not be eas­ily ne­go­ti­ated dur­ing the first week of Au­gust, when sen­at­ors’ minds turn to re­cess. Many sen­at­ors also hope to have time to pro­pose fur­ther amend­ments to the bill, which may not be pos­sible dur­ing a rushed Au­gust sched­ule.

Here’s a run­down of the prob­lems fa­cing the cy­ber bill:

Out­stand­ing pri­vacy con­cerns

The in­form­a­tion-shar­ing bill has long been op­posed by pri­vacy ad­voc­ates, who say it would ef­fect­ively broaden the gov­ern­ment’s powers to spy on Amer­ic­ans.

A let­ter sent Monday from a co­ali­tion of se­cur­ity ex­perts, civil-so­ci­ety or­gan­iz­a­tions, and pri­vacy groups urges Pres­id­ent Obama to is­sue a veto threat, ar­guing that CISA would res­ult in Amer­ic­ans’ private in­form­a­tion be­ing shared with the gov­ern­ment, and cri­ti­ciz­ing it for al­low­ing the in­form­a­tion gathered from private com­pan­ies to be used for pur­poses oth­er than cy­ber­se­cur­ity.

“While cy­ber­se­cur­ity threats con­tin­ue to be a sig­ni­fic­ant prob­lem war­rant­ing con­gres­sion­al ac­tion, CISA goes well bey­ond au­thor­iz­ing ne­ces­sary con­duct, to au­thor­iz­ing dan­ger­ous con­duct, and un­ne­ces­sar­ily harm­ing pri­vacy,” said the Cen­ter for Demo­cracy and Tech­no­logy on its blog Tues­day. “Its broad use per­mis­sions sug­gest that the le­gis­la­tion is as much about sur­veil­lance as it is about cy­ber­se­cur­ity.”

Con­flict with House bills

There are cur­rently two bills in the House that com­ple­ment the Sen­ate’s cy­ber­se­cur­ity le­gis­la­tion, but re­con­cil­ing the House bills — and then squar­ing the res­ult with the Sen­ate ver­sion — may prove to be very dif­fi­cult.

The two House bills ori­gin­ated from dif­fer­ent com­mit­tees: One came from the House Home­land Se­cur­ity Com­mit­tee, and the oth­er from the House In­tel­li­gence Com­mit­tee. Al­though they are sim­il­ar in many ways, they dif­fer on some key points, in­clud­ing on li­ab­il­ity pro­tec­tion and pri­vacy pro­vi­sions.

What’s more, neither cur­rently lines up with the le­gis­la­tion un­der con­sid­er­a­tion in the Sen­ate, which trades few­er pri­vacy pro­tec­tions for more se­cur­ity pro­vi­sions.

House Home­land Se­cur­ity Com­mit­tee Chair­man Mi­chael Mc­Caul said last month that the Sen­ate’s ver­sion of the bill would be dead on ar­rival in the House, be­cause it could trig­ger fears of ex­pan­ded sur­veil­lance.

“My con­cern is that they have an NSA in­form­a­tion-shar­ing com­pon­ent in there that I think would be prob­lem­at­ic in many ways in the House,” Mc­Caul said at a Na­tion­al Journ­al event. “I’ve warned them that if that kind of bill comes back, it’s not go­ing to pass, and that’s the polit­ic­al real­ity.”

A con­gres­sion­al aide said Tues­day that Mc­Caul has not changed his mind about the cur­rent Sen­ate bill, but that he is “sup­port­ive of Sen­ate ac­tion and is op­tim­ist­ic the House and Sen­ate can come to­geth­er in con­fer­ence, if the Sen­ate were to pass their bill, to work out re­main­ing con­cerns.”

Un­clear White House sup­port

Al­though Pres­id­ent Obama strongly sup­ports in­form­a­tion-shar­ing le­gis­la­tion, and has pro­posed his own mod­el bills, the White House has not stated a spe­cif­ic po­s­i­tion on Sen­ate cy­ber­se­cur­ity bill.

Asked about the bill in June, White House press sec­ret­ary Josh Earn­est did not com­ment on the pro­posed le­gis­la­tion, in­stead point­ing to the White House’s pro­pos­al. “We have pretty ag­gress­ively ad­voc­ated con­gres­sion­al pas­sage of that le­gis­lat­ive lan­guage,” he said.

The ad­min­is­tra­tion pub­licly came out in sup­port of the two House bills in April, but has in the past is­sued veto threats against an in­form­a­tion-shar­ing bill it said did not go far enough to pro­tect Amer­ic­ans’ pri­vacy.

Ques­tions about ef­fect­ive­ness

In ad­di­tion to rais­ing pri­vacy con­cerns, some se­cur­ity ex­perts say in­form­a­tion-shar­ing le­gis­la­tion would do little to im­prove cy­ber­se­cur­ity.

The sheer volume of in­form­a­tion that would be dis­sem­in­ated un­der the bill would over­whelm law en­force­ment and in­tel­li­gence en­tit­ies that would have to pick through it, they say, and find­ing the needle in the hay­stack would be very dif­fi­cult.

“CISA does not work. Private in­dustry already has ex­actly the in­form­a­tion shar­ing the bill pro­poses, and it doesn’t pre­vent cy­ber at­tacks as CISA claims,” wrote Robert Gra­ham, a se­cur­ity ex­pert and re­search­er, on his blog in March, when the bill was in­tro­duced. “On the oth­er side, be­cause of the false-pos­it­ive prob­lem, CISA does far more to in­vade pri­vacy than even pri­vacy ad­voc­ates real­ize, do­ing a form of mass sur­veil­lance.”

Sen. Ron Wyden, a Demo­crat from Ore­gon and a long­time sup­port­er of di­git­al pri­vacy in the Sen­ate, also said CISA would “have a lim­ited im­pact on U.S. cy­ber­se­cur­ity” in a March state­ment.

Wyden, the only mem­ber of the Sen­ate In­tel­li­gence Com­mit­tee to vote against the bill when it was passed in March, has called CISA a “sur­veil­lance bill by an­oth­er name” and has been act­ive on Twit­ter with the hasht­ag #Stop­CISA, cred­it­ing pri­vacy ad­voc­ates with pres­sur­ing Con­gress not to pass the bill.

If and when CISA goes in front of the Sen­ate — wheth­er it’s this month or in the fall — Wyden and his pri­vacy-minded al­lies will likely mar­shal a heated op­pos­i­tion to the meas­ure, fur­ther com­plic­at­ing its path to the pres­id­ent’s desk.

What We're Following See More »
Report: Kelly Calls Trump “Uninformed”
9 hours ago

"White House Chief of Staff John F. Kelly told Democratic lawmakers Wednesday that the United States will never construct a physical wall along the entire stretch of the U.S.-Mexico border and that some of President Trump’s campaign promises on immigration were 'uninformed.'”

Mueller’s Team Scrutinizing Russian Embassy Transactions
10 hours ago
Bannon’s Attorney Passed Along Questions to White House
10 hours ago

"Steve Bannon’s attorney relayed questions, in real time, to the White House during a House Intelligence Committee interview of the former Trump chief strategist" on Tuesday. "Bannon’s attorney Bill Burck was asking the White House counsel’s office by phone whether his client could answer the questions. He was told by that office not to discuss his work on the transition or in the White House."

Jack Gerard Stepping Down from API
10 hours ago

"The top lobbyist for the U.S. oil-and-gas industry is stepping down after 10 years on the job. Jack Gerard, the president and CEO of the American Petroleum Institute, sent an email to his staff on Wednesday morning saying that he decided not to seek another five-year contract with the nation’s largest oil-and-gas industry trade association."

CBC, Judiciary Committee Dems Move to Censure Trump
11 hours ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.