As the final work week begins before summer recess, it remains unclear whether the Senate will manage to tackle a major cybersecurity information-sharing bill before leaving town.
First, the Senate on Monday will hold a procedural vote on taking up an unrelated bill banning federal funds to Planned Parenthood. If that measure doesn’t get the 60 votes needed to advance, Majority Leader Mitch McConnell, R-Ky., told reporters last week, the Cyber Intelligence and Sharing Act would be next in line for Senate floor time.
“If we are unable to get on the defund Planned Parenthood vote on Monday, hopefully we will get on it, but if we don’t we’ll turn to cybersecurity next week and see if we can achieve something additionally for the American people before the August recess,” McConnell said.
If the Senate does take up cyber info-sharing, it could face a bewildering array of amendments and a hard deadline to complete work by Friday.
How McConnell handles the amendment process will determine whether Democrats — even Democratic supporters of CISA —will allow the debate even to get started.
If it does get started, strange-bedfellow foes such as Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) will try to make sure the debate never ends.
Amid that uncertainty, lawmakers across Capitol Hill were spreading their bets on what would happen with the cybersecurity legislation.
Early in the week, the CISA bill was widely seen as the big train that would carry multiple cyberinitiatives. Senators were ready to haul everything from consumer data-breach notification to cyber criminal law reform to the Senate floor.
Later in the week, some lawmakers were quietly preparing to unpack their individual initiatives from that train.
Key lawmakers were well-aware that relatively small-bore cyberbills could be positioned separately for action in the fall if the cybersecurity info-sharing legislation became hopelessly bogged down or was delayed.
Such was the case in the autumn of 2014, when the Senate Intelligence Committee’s controversial info-sharing bill could never get a floor date. Instead, more modest cyberbills produced by the House and Senate homeland security committees were ultimately approved by voice vote as the 113th Congress expired.
This time around, the homeland security panels are setting up bills designed to secure the .gov domain, either as amendments to CISA or as stand-alone bills in the fall.
“We’re monitoring the Senate but we could move separately in the fall if we have to,” a House Homeland Security Committee source said. The source emphasized that the homeland panel’s legislation builds off the Department of Homeland Security-oriented cybersecurity bills signed into law last year.
“That was step one and this is step two,” the source said of the effort to secure the .gov domain. The new bills would “allow DHS to proactively protect the government’s networks.”
These proposals clarify the Department of Homeland Security’s power to fix cybersecurity holes like the ones that allowed the massive breaches at the Office of Personnel Management. They are largely noncontroversial: The Senate version cleared the Homeland Security and Governmental Affairs Committee on a unanimous vote on July 29.
The moves to potentially separate less-controversial cyber bills from CISA make sense, as other senators last week were teeing up amendments designed to sink the information-sharing legislation altogether.
“Members are going to hear about the concerns about this bill,” Wyden predicted last week. “A lot of members are getting interested in offering amendments.”
Wyden said the bill would have to be “dramatically overhauled” before he would support it, which he didn’t expect to happen.
CISA, Wyden said in a conference call with reporters, was “incredibly flawed” and represented “tremendous overreach.” He called it a panicked response to the OPM breach that would actually undermine security.
And, he asked mockingly, how can we be asked to give the government even more access to ordinary citizens’ personal data when the government repeatedly demonstrates that it can’t protect the information it already has in its databases?
“This bill doesn’t do anything tangible to protect Americans,” Wyden warned.
Digital privacy groups such as Access and the Electronic Frontier Foundation have a laundry list of complaints against the CISA bill.
It authorizes communications companies to monitor their customers’ data, they charge. Further, they say, it allows ambiguous “defensive” measures by private-sector entities that could be akin to acts of cyberwar; provides legal immunity for sharing personal data; permits the government to use that data for reasons far beyond cybersecurity; and, as a final insult to these groups, offers a blanket exemption from disclosure under the Freedom of Information Act.
Sen. Dianne Feinstein, D-Calif., a key sponsor of the legislation, has expressed frustration over such complaints and lists extensive privacy protections added to the bill over the past two years.
But bill opponents are trying to make the case that this will be an extremely messy floor fight, exactly the situation McConnell has said he wants to avoid.
Last week the online privacy activists delivered over 6 million anti-CISA faxes to Senate offices, saying they were deploying a “1984 technology” because CISA is an Orwellian 1984-style bill.
Major industry groups have their own campaigns underway to persuade senators to pass the business community’s top legislative priority on cybersecurity.
There isn’t much room for compromise here and, of equal significance, there isn’t much time.
View the original content and more from this author here: http://ift.tt/1OZkzF9
from cyber security caucus http://ift.tt/1ITlc45
via IFTTT
No comments:
Post a Comment