TNW has reported incrementally on the status of cybersecurity legislation in both houses of the US Congress since the moment the Cyber Intelligence Sharing and Protection Act (CISPA) began its trek to becoming a household name. As you certainly know by now, CISPA passed the US House of Representatives. The Senate is working on its own cybersecurity bill.
One candidate to be the Senate’s offered piece of legislation is the Secure IT Act, sponsored by prominent members of the chamber such as John McCain and Saxby Chambliss. The bill has been revamped, it was made known today, to help meet the concerns of privacy advocates who fought CISPA. The Hill summarizes the changes in the following way:
The new version of the legislation, S. 3342, aims to address the concerns of privacy advocates, who had warned that the old bill would give spy agencies access to Americans’ private online information.
More specifically, the new language of the bill makes it plain that the US government cannot keep information that is has accreted due to cybersecurity worries, and use it for anything else; that clarification is a step in the right direction, but likely not one that will silence critics of the bill. The Secure IT Act, just as with the Cyber Intelligence Sharing and Protection Act, removes walls between ISPs and other firms and the government, letting information travel more fluidly betwixt them.
As that shared data can include heretofore private user information, some worry. The revamped Secure IT does not, it appears, answer that issue comprehensively. Some fear that their personal browsing information, search history, passwords, or other pieces of their private lives could end up in the hands of US intelligence agencies, and other units of government. Without proper controls, that would, in theory, be possible. The conduit for information that CISPA created, for example had a great many people worried about exactly that scenario.
However, as we have reported, there is still a major sticking point in process of passing any cybersecurity bill at all: standards. From our previous coverage:
Now, to why Congress is stuck, in the shortest number of words I can mange: CISPA is a bill that the White House has promised to veto. The Lieberman-Collins has a nod of approval from the President. However, the two bills are quite different in that CISPA lacks cybersecurity standards for critical infrastructure. The House, where CISPA was passed, hates the idea of new regulation. The Senate finds it to be crucial. Thus, gridlock. And so, Lieberman wants the Senate to pass his bill, so that the House and Senate can start to work together on something that can pass both chambers, and the President’s pen.
Critically, the Secure IT act contains no set standards, making it potentially unpalatable to the Obama administration. Therefore, even if it does pass the Senate, and it’s not yet on the floor for debate, it could still be essentially DOA.
And there you have it, the current status of cybersecurity bill in the US. For a chronological walk down cybersecurity lane, head here.