Digital rights advocates are in an uproar as the final text of a major cybersecurity bill appears to lack some of the privacy community’s favored clauses.
In the last few weeks, House and Senate negotiators have been working unofficially to reach a compromise between multiple versions of a cyber bill that would encourage businesses to share more data on hacking threats with the government.
{mosads}The Senate passed its bill in October, while the House passed two complementary bills in April. In recent days, the two sides have ramped up talks on merging the bills in the hopes of having the final text on President Obama’s desk by the end of the year.
It’s believed an official conference could begin this week.
And it now appears the final language is unlikely to include notable privacy provisions that digital rights and civil liberties groups insist are necessary to reduce the odds the bill enables greater government surveillance.
Many industry groups, a bipartisan coalition of lawmakers and even the White House have insisted the cyber bill is a necessary first step to better understanding and thwarting the cyberattacks that have plagued the country in recent years.
But many tech companies, technologists and privacy advocates argue the measure would simply shuttle more personal data on Americans to the National Security Agency (NSA), just months after Congress voted to rein in its surveillance programs. They had pushed for some late alterations they said would mitigate the bill’s potential damage.
The cyber bill’s final text may confirm opponents’ worst fears, according to multiple people both on and off Capitol Hill with knowledge of the negotiations.
The Senate’s recently passed bill, known as the Cybersecurity Information Sharing Act (CISA), is expected to serve as the basis for the finished language. The compromise text will also likely include elements from a bill that originated in the House Intelligence Committee, observers said.
This completed product would mostly sideline the privacy advocate-preferred bill from the House Homeland Security Committee. They believe the Homeland Security bill includes the strongest provisions to protect people’s sensitive data from falling into the NSA’s hands.
Specifically, the Homeland Security bill would give the greatest role to the Department of Homeland Security (DHS) for collecting cyber threat data from the private sector and disseminating it throughout the government.
It’s believed the DHS is best suited to scrub data sets of personal information.
The realization that the Intelligence Committee offerings would dominate the completed bill has sent some privacy groups into an 11th-hour frenzy.
“We’ve just learned that the Intelligence Committees are trying to pull a fast one,” Nathan White, senior legislative manager at digital rights advocate Access, said in a recent email to supporters. “They’ve been negotiating in secret and came up with a Frankenstein bill — that has some of the worst parts from both the House and the Senate versions.”
The group is trying to pressure Homeland Security Committee Chairman Michael McCaul (R-Texas), a co-sponsor of his committee’s bill, to take a stand.
But several people tracking the negotiations believe McCaul is under significant pressure from House Speaker Paul Ryan (R-Wis.) and other congressional leaders to not oppose the compromise text.
They said lawmakers are aiming to vote on the final cyber bill as part of an omnibus budget deal that is expected before the end of the year.