Legislation designed to fight cyber threats appeared poised for congressional passage following several failed attempts, with the White House on track to prevail despite objections from privacy activists.
The legislation — separate versions of which were approved earlier this year by the Senate and House of Representatives — was tucked into a spending bill to keep the government operating, making passage likely in the coming days.
President Barack Obama would get a victory with the approval after several years of seeking legislation to boost cybersecurity. Previous efforts were bogged down by opposition from activists who feared it would result in excessive government intrusion, and conservatives who argue it would create a new bureaucracy.
Obama welcomed the measure, a senior U.S. official said. “The president has long called on Congress to pass cybersecurity information sharing legislation that will help the private sector and government share more cyber threat information by providing for targeted liability protections while carefully safeguarding privacy, confidentiality, and civil liberties,” the official said.
House intelligence committee chairman Devin Nunes said the measure was “vital for protecting America’s digital networks,” and added that it was part of a broader effort “giving our intelligence community the tools it needs to identify, disrupt, and defeat threats to the homeland and our infrastructure.”
A key element in the legislation would shield private companies from liability if they report or share information about cyber threats.
The measure would establish the Department of Homeland Security as a ”portal” for cyber threat information sharing. It would also authorize “defensive measures” that could disable or counter a cybersecurity threat.
The action comes amid growing concerns over threats to so-called critical infrastructure, which includes power grids, water systems, key industrial controls and especially the U.S. financial system, which has been hit by numerous cyber attacks in recent months.
New Tool for the NSA?
The compromise comes just months after Congress voted to rein in the powers of the National Security Agency, following revelations of vast surveillance programs in documents leaked by former intelligence contractor Edward Snowden.
Critics said the latest version of the bill is the result of secret negotiations that stripped out nearly all privacy protections, and that the definition of cyber threat is so vague that it would encourage companies to report many activities to law enforcement.
Fifty-one groups active on privacy and digital rights signed a letter Thursday opposing the bill, saying it “seriously threatens privacy, civil liberties, and government accountability, and would undermine cybersecurity, rather than enhance it.”
Robyn Greene of the New America Foundation’s Open Technology Institute said the political maneuvering underscored how controversial the legislation is.
“Sponsors (of the bill) and congressional leadership are choosing to force its passage without debate or a vote by attaching it to a must-pass spending bill,” she said.
The American Civil Liberties Union said the measure “would allow companies to share large amounts of private consumer information with government agencies, including possibly the FBI and NSA.”
This could be used for criminal prosecutions unrelated to cybersecurity, “including the targeting of whistleblowers under the Espionage Act,” an ACLU statement said.
A large number of Silicon Valley companies such as Apple, Yelp and Dropbox have publicly opposed earlier versions of the legislation, but some tech firms involved in cybersecurity such as IBM have supported the effort.
Senator Ron Wyden, who opposed the bill passed in the Senate, said the latest version was worse from a privacy perspective.
“This ‘cybersecurity’ bill was a bad bill when it passed the Senate and it is an even worse bill today,” he said in a statement. “Americans deserve policies that protect both their security and their liberty. This bill fails on both counts.”
By Rob Lever
Copyright Agence France-Presse, 2015