Revisions that Sen. Joe Lieberman (I-Conn.) made to his Cybersecurity Act seem to have appeased privacy advocates who lobbied against an earlier version of the bill.
Michelle Richardson, a legislative counsel for the American Civil Liberties Union (ACLU), told The Hill that Lieberman and other co-sponsors made “substantial changes” and undertook a “Herculean effort to build privacy protections” into the bill.
Sharon Bradford Franklin, senior policy counsel at The Constitution Project, applauded the changes, saying they “go a long way toward alleviating our concerns.”
{mosads}”The amendments address key civil liberties concerns that have dogged the cybersecurity debate,” agreed Leslie Harris, president and CEO of the Center for Democracy and Technology.
The statements mark a major shift for the privacy groups, which had urged the Senate to reject the previous version of Lieberman’s bill to prevent an erosion of civil liberties.
Supporters of Lieberman’s bill, including Sens. Susan Collins (R-Maine), Dianne Feinstein (D-Calif.) and Jay Rockefeller (D-W.Va.), conducted months of negotiations behind closed doors with the privacy groups to develop the revised proposal.
Sens. Al Franken (D-Minn.), Dick Durbin (D-Ill.) and Ron Wyden (D-Ore.) also pushed for tougher privacy protections.
Like the controversial Cyber Intelligence Sharing and Protection Act (CISPA) that passed the House in April, Lieberman’s Cybersecurity Act would encourage companies to share information about cyber threats with the government.
The privacy groups fought fiercely against CISPA, saying it would lead private companies to hand over their customers’ personal information to military spy agencies.
President Obama also threatened to veto CISPA over privacy and civil liberty concerns.
The revised Lieberman bill narrows the definition of what can be shared and requires that any information shared with the government must go to civilian, not military, agencies. The privacy groups argue that the legislation should not empower the CIA and the National Security Agency (NSA) to collect Americans’ personal computer information.
The bill also dictates that the information can only be used for addressing cybersecurity threats and not other purposes, such as national security or criminal investigations.
“We have worked very closely with Senate colleagues, privacy groups and industry to strengthen the bill’s privacy protections without undermining the fundamental goal of improving information cybersecurity sharing,” Feinstein said in a statement. “I believe the bill is stronger as a result of these changes.”
But the privacy groups stopped short of a full-throated endorsement of the bill. The ACLU’s Richardson said “not all of the problems with the Cybersecurity Act are solved yet,” and Gregory Nojeim, a director for the Center for Democracy and Technology, said “more work needs to be done on the Senate floor to secure CDT’s support for this legislation.”
The groups’ statement, however, focused on urging lawmakers not to water down the protections that are already in place.
But appeasing the privacy groups may have moved the bill’s supporters farther away from winning over business groups.
One industry official argued that companies should not be restricted from sharing information with military agencies.
“Sometimes it is appropriate for us to talk directly with [the Defense Department] or NSA,” the official said.