The Senate’s cybersecurity bill, abandoned just before the August recess, could be back on the floor soon. But passing it isn’t getting any easier as pushback from privacy advocates appears to be growing.
A Senate Republican notice on Wednesday listed the cybersecurity bill as one of only a few items on the upcoming floor agenda. The exact date for debate is still unknown, but the verbiage about the bill has already kicked off. The bill, S. 754, would incentivize private companies to share data with government agencies to combat cyber attacks.
Sen. Ron Wyden (D-Ore.), an opponent of the bill who played a major role in the Senate punting it in late July, told reporters on Tuesday that he wouldn’t be surprised if the delay continued. “Based on what I’ve been told last, it’s very up in the air. And I think it’s because our [Democratic] side continues to show the flaws in the strategy of the sponsors,” he said.
There is also new partner in the opposition to the bill. The Business Software Alliance, a trade group representing big tech companies such as Microsoft, IBM, or Intel, recently sent a letter to House and Senate leaders urging action on multiple tech-related bills. In that letter, BSA said it does not support the Senate cybersecurity bill and asked for more privacy protections.
Yet Obama officials and other senators have called for the bill to pass.
“I encourage continued efforts to pass legislation on cybersecurity information sharing. We think that is absolutely critical,” Deputy Secretary of Defense Robert Work said at a Tuesday hearing in the Senate Armed Services Committee. “[Defense] Secretary [Ashton] Carter has placed particular emphasis on partnering with the private sector. The department doesn’t have all of the answers, and working with industry we think will be very, very critical.”
Sen. Jack Reed (D-R.I.), ranking member of the committee, said the bill was necessary for American security. “I know the Chairman [John McCain (R-Ariz.] is in full agreement on the need to debate, amend, and pass that legislation this year in the interest of national security. And so am I,” he said.
Whether the bill can pass in the Senate depends on the fate of 22 pending amendments. Several were crafted to address privacy concerns by, for example, requiring firms to remove personally identifiable information from any shared data.
Even though Wyden wrote two of those pending amendments, he hinted that he plans to continue battling what he called “a badly flawed bill.”
He also indicated the floor debate could get dragged out, which could dissuade Senate Majority Leader Mitch McConnell from scheduling it. “Not only are there amendments, I have not agreed to any time limit on this,” Wyden said.
Privacy advocates argue that the bill currently has no protections for information that could identify consumers, and that removing such information would not be difficult or impede the efficiency of the program. However, some fear imposing extra restrictions on what to do with information before sharing it with agencies could deter some from participating.
Wyden also referred to the massive data breach at the Office of Personnel Management that compromised 21.5 million Social Security Numbers and 5.6 million fingerprints. Senate Intelligence Chairman Richard Burr (R-N.C.), sponsor of the cybersecurity measure, said in a USA Today article that his bill wouldn’t have prevented the OPM hack.
Wyden said Burr’s comments speak volumes. “To have the sponsor of the legislation say that the bill that they’re seeking to bring to the floor would not deal with what was cited repeatedly as the argument for it, I think is pretty powerful.”