Long-stalled cybersecurity bill poised for US approval

December 18, 2015 by Rob Lever
The average age of suspected cyber criminals investigated by Britain's National Crime Agency this year was 17
The average age of suspected cyber criminals investigated by Britain's National Crime Agency this year was 17

Legislation designed to fight cyber threats appeared poised for congressional passage following several failed attempts, with the White House on track to prevail despite objections from privacy activists.

The legislation—separate versions of which were approved earlier this year by the Senate and House of Representatives—was tucked into a spending bill to keep the government operating, making passage likely in the coming days.

President Barack Obama would get a victory with the approval after several years of seeking legislation to boost cybersecurity. Previous efforts were bogged down by opposition from activists who feared it would result in excessive government intrusion, and conservatives who argue it would create a new bureaucracy.

Obama welcomed the measure, a senior US official said. "The president has long called on Congress to pass cybersecurity information sharing legislation that will help the private sector and government share more cyber threat information by providing for targeted liability protections while carefully safeguarding privacy, confidentiality, and civil liberties," the official said.

House intelligence committee chairman Devin Nunes said the measure was "vital for protecting America's digital networks," and added that it was part of a broader effort "giving our intelligence community the tools it needs to identify, disrupt, and defeat threats to the homeland and our infrastructure."

A key element in the legislation would shield private companies from liability if they report or share information about cyber threats.

The measure would establish the Department of Homeland Security as a "portal" for cyber threat information sharing. It would also authorize "defensive measures" that could disable or counter a cybersecurity threat.

The action comes amid growing concerns over threats to so-called critical infrastructure, which includes power grids, water systems, key industrial controls and especially the US financial system, which has been hit by numerous cyber attacks in recent months.

The 12 people detained, mainly either still in their teens or early 20s, were accused of using remote access Trojans that can ru
The 12 people detained, mainly either still in their teens or early 20s, were accused of using remote access Trojans that can run undetected on systems and spy on victims computers
New NSA tool?

The compromise comes just months after Congress voted to rein in the powers of the National Security Agency, following revelations of vast surveillance programs in documents leaked by former intelligence contractor Edward Snowden.

Critics said the latest version of the bill is the result of secret negotiations which stripped out nearly all privacy protections, and that the definition of cyber threat is so vague that it would encourage companies to report many activities to law enforcement.

Fifty-one groups active on privacy and digital rights signed a letter Thursday opposing the bill, saying it "seriously threatens privacy, civil liberties, and government accountability, and would undermine cybersecurity, rather than enhance it."

Robyn Greene of the New America Foundation's Open Technology Institute said the political maneuvering underscored how controversial the legislation is.

"Sponsors (of the bill) and congressional leadership are choosing to force its passage without debate or a vote by attaching it to a must-pass spending bill," she said.

Congress voted earlier this year to rein in the powers of the National Security Agency, following revelations of vast surveillan
Congress voted earlier this year to rein in the powers of the National Security Agency, following revelations of vast surveillance programs

The American Civil Liberties Union said the measure "would allow companies to share large amounts of private consumer information with government agencies, including possibly the FBI and NSA."

This could be used for criminal prosecutions unrelated to cybersecurity, "including the targeting of whistleblowers under the Espionage Act," an ACLU statement said.

A large number of Silicon Valley companies such as Apple, Yelp and Dropbox have publicly opposed earlier versions of the legislation, but some tech firms involved in cybersecurity such as IBM have supported the effort.

Apple is among a number of firms that have publicly opposed earlier versions of the cybersecurity legislation
Apple is among a number of firms that have publicly opposed earlier versions of the cybersecurity legislation

Senator Ron Wyden, who opposed the bill passed in the Senate, said the latest version was worse from a privacy perspective.

"This 'cybersecurity' bill was a bad bill when it passed the Senate and it is an even worse bill today," he said in a statement.

"Americans deserve policies that protect both their security and their liberty. This bill fails on both counts."

Explore further: Massive year-end spending bill includes cybersecurity act

Related Stories

Cybersecurity bill would add secrecy to public records laws

December 1, 2015

A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through ...

Obama threatens veto of cybersecurity bill

April 17, 2013

President Barack Obama threatened on Tuesday to veto a major cybersecurity bill unless Congress amends it to include more protections for privacy and civil liberties.

US bill seeks to improve cyber information-sharing

November 30, 2011

A bill intended to increase sharing of information about cybersecurity threats between government and the private sector was introduced in the US House of Representatives on Wednesday.

House unveils cyber bill and signals bipartisan compromise

March 24, 2015

House intelligence committee leaders unveiled a bipartisan cybersecurity bill Tuesday amid signs of broad agreement on long-sought legislation that would allow private companies to share with the government details of how ...

Recommended for you

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.