A much-delayed cybersecurity bill aimed at combating cyber crooks by encouraging companies and Government agencies to share relevant information without fear of privacy lawsuits is on the verge of obtaining Senate approval. In April, Congress passed its version of the Cybersecurity Information Sharing Act with backing from both Democrats and Republicans. Passage of this bill has been stymied by opposition from technology industry leaders, including Apple and the Computer and Communications Industry Association, a group that includes Amazon, Facebook and Google as well as other major industry players among its membership.
Hot on the heels of CCIA’s declared opposition, Twitter registered its protest just before the Senate’s procedural vote at the end of the third week of October. Twitter, like its compatriots from CCIA and civil liberties groups, opposes the bill on privacy grounds. Yet the bill is not without support from other technology industry trade groups and also is backed by the U.S. Chamber of Commerce. The Financial Services Roundtable is one such advocate that expressed its support for CISA in a letter to Congress. Members of the Roundtable include companies that might be considered most at risk from attack by cyber crooks. The Senate has indicated to both supporters and naysayers that the time for debate is over by passing a preliminary vote to advance the bill for final voting during the last week of October.
Here are some of the key issues that have surfaced during the debate:
- To its critics, the philosophy behind the Cybersecurity bill appears to be more about surveillance than it is about security. The bill does not outline proposed precautions to safeguard individual user privacy. This lack of clarity regarding how the government plans to safeguard individual privacy is the reason for much of the opposition to CISA.
- The fine line between privacy and cyber surveillance is not a new issue. The battle lines between tech companies that advocate for individual privacy protection and government agencies that want more regulation of the way technology companies handle customer data already existed before CISA was unveiled earlier this year.
- Supporters of the bill underscore that participation is voluntary, and that CISA will help technology companies identify threats to their security systems and potential breaches that imperil confidential customer data.
- CISA opponents are concerned that the bill sets a precedent which might be used to launch more legislation to expand the government’s review and regulation of data collection. They believe the proposed access by law enforcement agencies into data systems, including encrypted data, has many serious legal and ethical issues.
- The White House supports the bill but wants Homeland Security to run the information-sharing program. The administration also noted that it would “strongly oppose” any further amendments to expand the provisions of CISA as it currently stands.
- Concerns have been raised about the government’s ability to protect the data it secures through CISA. Critics argue that CISA will actually expose private data to more potential risk.
The security versus privacy argument is complex and there are no simple answers. The White House has yet to weigh in on the final resolution of the CISA conundrum and has stated that it is “committed to continue working with stakeholders to address remaining concerns.”