House GOP Continues Cybersecurity Push Despite Privacy Concerns
House Republican leaders plan to bring several cybersecurity bills to the floor on the third week of April, a spokesman for House Majority Leader Eric Cantor, R-Va., confirmed Wednesday. During a so-called “cyberweek,” House lawmakers will look at six or more Republican cybersecurity bills with the goal of sending a comprehensive cybersecurity package to the Senate. But Greg Nojeim, a senior counsel at the Center for Democracy and Technology (CDT) warned that some of the bills could have “significant” implications on civil liberties, during a press briefing Wednesday.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Cantor’s spokesman told us Wednesday: “We think it is possible that the package of bills we plan to bring to the floor in April, which will deal with information sharing and liability changes among other matters, will be able to garner bipartisan support.” House Republicans have not yet determined whether they plan to vote on and send separate pieces of legislation to the Senate or combine them all into a comprehensive cybersecurity package, the spokesman said. “We are still working that out, but hopefully a package.” He added that staff members of the House Republican leadership recently met with the Department of Homeland Security (DHS) to discuss the White House cybersecurity plan.
The bill with the broadest support among lawmakers and industry members also poses the biggest threat to civil liberties, Nojeim told reporters. The Cyber Intelligence Sharing and Protection Act (HR-3523), which was approved by the Select Committee on Intelligence in December and boasts 106 co-sponsors, aims to increase cyberthreat information sharing among national intelligence agencies and the private sector.
HR-3523 “threatens civilian control of cybersecurity,” Nojeim said. “It allows a broadly defined, almost unlimited class of information to be shared with the government for cybersecurity reasons; it will lead to the expansion of the government’s role in monitoring communications; and once the information is shared it can be used for any national security purpose.”
HR-3523 “gets it wrong” by giving the National Security Agency (NSA) broad and unchecked power to sweep “vast amounts of information” on American networks, Nojeim said. The lack of oversight over NSA will make companies “wary” about voluntarily sharing information with the government “because they won’t know how customer data is being used,” he said. “And it will make users concerned about abuses in which the NSA has recently participated, including the warrantless surveillance program.”
The PrECISE Act (HR-3674) is “better for civil liberties on all of these issues,” Nojeim said. The difference between the PrECISE Act and the House Intelligence bill is that it gives DHS rather than NSA the authority to coordinate the U.S. cybersecurity response with the private sector. The bill also would create a new non-governmental organization called the National Information Sharing Organization (NISO) to increase information sharing between the public and private sectors. The bill was approved by the House Cybersecurity Subcommittee in February, and a spokesman for the author of the bill, Subcommittee Chairman Dan Lungren, R-Calif., told us the Homeland Security Committee will mark up the bill after the Easter/Passover recess.
House Republican leaders won’t be limited by the two opposing bills, as lawmakers continue to churn out new cybersecurity bills on an almost weekly basis. Last week House Commerce Manufacturing Subcommittee Chair Mary Bono Mack, R-Calif., introduced a companion cybersecurity bill to go with the Senate SECURE IT Act. On the same day House Oversight Committee Chairman Darrell Issa, R-Calif., introduced HR-4257 to modernize the Federal Information Security Management Act (FISMA).
On Wednesday a spokeswoman for Rep. Bob Goodlatte, R-Va., confirmed that he is working to introduce cybersecurity legislation in the Judiciary Committee, though she declined to discuss any details. Two other bills pending in House are the Cybersecurity Enhancement Act (HR-2096), which was forwarded by the Science Committee in July and the Secure and Fortify Electronic (SAFE) Data Act (HR-2577), which was introduced in the House Commerce Manufacturing Subcommittee in July.