If and when the Senate gets around to consideration of its cyber info-sharing bill, the battle between privacy advocates and security proponents is certain to take center stage — Sen. Ron Wyden (D-Ore.) said he’ll make sure of it.
Upon completion of a highway funding bill, the chamber may consider S. 754 , a measure that aims to prevent large-scale hacks by sharing classified threat information with the private sector, which in turn would share customer data with government agencies. Participating companies would receive legal liability protections.
The Senate Intelligence Committee approved the measure 14-1 in March. Wyden was the only opponent. After the vote he characterized the legislation as “a surveillance bill by another name.”
Keith Chu, a spokesman for Wyden, said that opposition will persist.
“Senator Wyden has said that if the bill comes to the floor, you should expect to see a number of amendments concerning privacy,” Chu said in an interview on Thursday.
John Simpson, director of progressive consumer advocate group Consumer Watchdog, said part of the privacy concerns involve the National Security Agency.
“The NSA’s access to this information has sparked concerns,” he said in an interview. “There is a fear that law enforcement would inappropriately get access to information.”
The bill’s sponsor, Sen. Richard Burr (R-N.C.), has pushed back against criticism from Wyden and privacy groups, saying the measure “works to ensure the personal privacy of all Americans.”
“We can no longer simply watch Americans’ personal information continue to be compromised,” he said in a statement last month. “This bill is long needed and will help us combat threats to our country and our economy.”
Cyberattacks against U.S. companies and the federal government are on the rise. The most recent high-profile data breach occurred at the Office of Personnel Management, leading to compromised personal records for more than 20 million Americans.
In June, Senate Majority Leader Mitch McConnell (R-Ky.) attempted to attach Burr’s bill to the annual defense authorization measure. The amendment was four votes short of the 60 needed to advance — three Republicans joined 36 Democrats in opposing it.
McConnell has said cybersecurity legislation was on his to-do list this summer.
Cyber info-sharing bills have had better luck in the House. Lawmakers in April passed two measures, H.R. 1560 and H.R. 1731, in April with bipartisan support. The final vote tallies were 307-116 and 355-63, respectively.
Both bills would incentivize private companies to share data with government agencies and would provide liability protections, much like the bill awaiting votes in the Senate.
The White House issued statements of administration policy supporting both measures, but with reservations about how the bills lack punitive measures for private companies that knowingly ignore information they receive about the security of their networks.
During his State of the Union address in January, President Obama called on Congress to pass cybersecurity legislation.
“We’re making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism,” Obama said. “I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber attacks, combat identity theft, and protect our children’s information. That should be a bipartisan effort.”
A White House fact sheet released in February highlighted the importance of data sharing in cybersecurity: “Rapid information sharing is an essential element of effective cybersecurity. It enables U.S. companies to work together to respond to threats, rather than operating alone.”
More recently, in June, the White House said the Senate needs to act.
“We want the Senate to pass cybersecurity legislation, not play games with it,” White House Press Secretary Josh Earnest said last month.
Last year the Senate abandoned efforts to advance a cybersecurity measure sponsored by Sen. Dianne Feinstein (D-Calif.) because of privacy concerns.