Upon its return from Fourth of July break, some members of the U.S. Senate are preparing to introduce legislation that is touted to protect the Internet, though disagreements over provisions to be included in the bill have dampened efforts to reach a consensus on the legislation. In response to the efforts, major organizations have teamed up to ask Congress to keep the Internet free of government intrusion.
Senate Majority Leader Harry Reid (D-Nev.) has stated that he intends to push for a vote on cybersecurity legislation in July, an item he has called critical.
“There hasn’t been a time that I’ve talked with [Reid] in the last year where he hasn’t talked about the need to get cybersecurity to the floor,” Sen. Jay Rockefeller (D-W.Va.) told reporters after a Senate hearing last week. “No other subject reigns so supreme.”
Both parties are in agreement that the Internet needs to be protected from hackers who may be planning an attack on the computer system, and from those who are using the Internet to steal business secrets, but differences have made it difficult for the two parties to reach an agreement.
The U.S. House passed its own cybersecurity bill, the Cyber Intelligence Sharing and Protect Act (CISPA), in April, but President Obama has threatened to veto the bill, claiming it undermines privacy and fails to protect infrastructure.
Other critics of CISPA voiced fears it will negatively impact user privacy because of its broad language. They assert that it could lead to companies exchanging information that is unrelated to potential cyber attacks, such as user names, addresses, and Internet activity.
Lee Tien of the Electronic Frontier Foundation declared, “It’s a sophisticated scheme of removing legal barriers.”
Critics have also indicated that the bill could potentially allow military spy agencies to access the information that the companies share with the government.
The Washington Post reported in February that the National Security Administration had tried lobbying the White House for “unprecedented monitoring of routine civilian Internet activity,” but was rejected because of privacy concerns. CISPA would allow such monitoring.
Instead of CISPA, Democrats in the Senate, as well as the White House, have indicated support for the Cybersecurity Act, sponsored by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine). (Lieberman is Chairman of the Senate Committee on Homeland Security and Governmental Affairs and Collins is the ranking minority member on that committee.)
But The Hill notes that both CISPA and the Cybersecurity Act are similar in that they “would encourage companies to share information about cyberthreats with each other and with the government.”
Still, the Cybersecurity Act reportedly has greater safeguards for privacy protection. It includes provisions that require companies to utilize reasonable efforts to remove personally-identifiable information from the data that is shared with the government.
The Hill adds that the Cybersecurity Act “would also give the Department of Homeland Security a lead role in handling the information-sharing, which privacy advocates prefer to military spy agencies, such as the National Security Agency.”
For Senate Democrats, the key difference between the two bills is that the Cybersecurity Act includes provisions for the necessary infrastructure such as electrical grids and gas pipelines in order to meet minimum cybersecurity standards.
Republicans contend that those provisions would provide unnecessary burdens are companies without adding significant cybersecurity.
Republicans in the Senate are instead pushing for their cybersecurity bill, called the Secure IT Act. It is similar to CISPA by authorizing only voluntary information-sharing and does not set cybersecurity mandates. Senate Republicans believe the bill has the capabilities of garnering bipartisan support.
“There are consensus items here that everyone agrees on,” a Republican Senate aide said. “In a contentious election year, if we want to pass a law, we should focus on those consensus items.”
Democrats are unwilling to agree to any legislation that does not include provisions for infrastructure.
White House spokeswoman Caitlin Hayden said: “Cybersecurity legislation must include robust privacy protections and address the very serious risks facing the nation’s critical infrastructure.”
Senators Sheldon Whitehouse (D-R.I.) and Jon Kyl (R-Ariz.) are working on a draft bill that would be a compromise between the two parties.
But Senator Lieberman has stated concerns that if a cybersecurity bill isn’t passed in July, it won’t be passed at all, as attention will soon be turned strictly to upcoming elections, and the lame duck session will be preoccupied with budget and tax issues.
Meanwhile, as Congress continues to contemplate the cybersecurity bills, some influential groups are working to retain Internet freedoms. A group of privacy advocates including the American Civil Liberties Union, the Bill of Rights Defense Committee, and Fight for the Future are circulating a Declaration of Internet Freedom.
The declaration outlines five elements of a free and open Internet:
Expression: Don’t censor the Internet.
Access: Promote universal access to fast and affordable networks.
Openness: Keep the Internet an open network where everyone is free to connect, communicate, write, read, watch, speak, listen, learn, create and innovate.
Innovation: Protect the freedom to innovate and create without permission. Don’t block new technologies, and don’t punish innovators for their users’ actions.
Privacy: Protect privacy and defend everyone’s ability to control how their data and devices are used.
The Electronic Frontier Foundation explains its support for the declaration: “For too long in the US, Congress has attempted to legislate the Internet in favor of big corporation and heavy-handed law enforcement at the expense of its users’ basic Constitutional right.”
“Netizens’ strong desire to keep the Internet open and free has been brushed aside as naïve and inconsequential, in favor of lobbyists and special interest groups. Well, no longer,” the statement reads.
While some supporters of the Declaration contend that the newer cybersecurity bills tone down some of the more frightening provisions of SOPA and PIPA, they note that the Cybersecurity Act includes other causes for concern, such as provisions that empower the Department of Homeland Security to conduct “risk assessments” of private companies deemed critical to U.S. national and economic security.
ISPs AT&T and Comcast have denounced that specific provision, declaring that federal oversight will stifle innovation.
“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at a recent hearing. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”
Photo: Senate Homeland Security and Governmental Affairs Committee Chairman Sen. Joseph Lieberman (I-Conn.) right, accompanied by the committee’s ranking Republican Sen. Susan Collins (R-Maine) speaks on Capitol Hill in Washington, Feb. 3, 2011: AP Images