Security Experts:

Gun, Abortion Amendments Stall Senate Cybersecurity Bill

Senators Propose Non-Cyber Related Amendments To Cybersecurity Act of 2012, Including Banning High-capacity Ammunition Clips and Abortion

News Update: Cybersecurity Bill Fails in US Senate

Despite a recent push by legislators, it remains unclear whether the Senate will manage to vote on the proposed comprehensive cybersecurity legislation before Congress adjourns at the end of the week for its summer recess. The motion to proceed with consideration of the Cybersecurity Act of 2012 was passed in an 84-11 Senate vote last Thursday.

Senate Stalls with Amendments to Cybersecurity Bill

Senate may begin voting on amendments that have been added to the Cybersecurity Act of 2012 on Thursday or Friday, The Hill, a blog reporting on Congressional activities said earlier this week. Once all the amendments, of which there are more than 70 at the moment, have been dealt with, the Senate could decide to vote on the bill immediately, or wait till after the summer recess. However, the Democrats and Republicans have been unable to agree on which amendments will be considered, effectively stalling the bill.

The latest version of the Cybersecurity Act of 2012, sponsored by Sens. Joseph Lieberman (I-Conn), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.), Dianne Feinstein (D-Calif.) and Tom Carper (D-Del.), was re-submitted into the Senate July 24. Originally introduced in February, the bill has gone through several revisions to address concerns raised by civil liberties groups and business groups. The latest changes removed a provision that would have required critical infrastructure providers to meet minimum security standards, and added a provision preserving the civil liberties and privacy of users.

“It’s scary that we’re not doing something on this bill,” Senate Majority Leader Harry Reid (D-Nev.) said on the floor today.

A cloture vote to end debate is expected on Thursday, but the Lieberman appeared to be pessimistic the measure will receive enough Republican support.

“Inflexible positions are being taken,” Lieberman said as things began to look grim for his bill, The Hill reported. “People are not willing to come across political divides to address this problem.”

Even if the Senate manages to pass some form of the bill, it would still have to conference with the House to introduce a joint version of the bill. This one would then have to pass both the Senate and the House, and then be signed by the President in order to become law.

One amendment seeks to completely remote Section 701 from the Cybersecurity Act of 2012. Sens. Al Franken, Ron Wyden (D-Ore), and Ron Paul (R-Texas) filed an amendment to strike the section of the bill which would allow companies the explicit right to monitor private communications and deploy countermeasures without warrant. Section 701 gives new rights to ISPs and other companies that are overly broad, Franken said in a Senate floor speech last week. 

"So broad that if a company uses that power negligently to snoop in on your email or damage your computer-they will be immune from any lawsuit,” Franken said.

Sen. John McCAin (R-Ariz) has filed his own cybersecurity counter-legislation, SECURE IT, which failed to gain traction in the Senate, as an amendment. McCain's proposal would remove the provisions in the Cybersecurity Act which currently restrict the Department of Defense and National Security Agency from having access to user data submitted by private companies. McCain is also interested in removing the all the mandates and security requirements covering critical infrastructure providers.

Wyden filed three privacy amendments. The first one seeks to prevent warrantless tracking of people using GPS data and explicitly requires the government obtain a probable cause warrant to obtain any geolocation data collected by individuals' cell phones and other devices. The second prohibit the government from accessing consumer's private data stored by a company that has government contracts. The third requires Congressional approval before the president could sign any binding international agreements on cybersecurity.

Sen. Patrick Leahy (D-VT) also filed several data breach amendments, to create a nationwide breach notification standard and to make it a crime for companies to hide data breaches from customers. One would require the government to obtain a warrant based on probably cause every time a law enforcement agency wanted access to private communications.

Some of the amendments have nothing to with the topic on hand.

Sen. Michael Bennet (D-Colo) and Tom Coburn (R-Okla) filed an amendment to expand the Office for Personnel Management's federal government's data center consolidation initiative. Sen. Frank Lautenberg (D-N.J.) has filed a measure to ban high-capacity ammunition clips as part of a gun-reform proposal.

Sen. Mike Lee (R-Utah) filed a bill that would ban abortion in Washington, D.C. after 20 weeks of pregnancy as an amendment to the cybersecurity bill. Senate Minority Leader Mitch McConnell (R-Ky.) suggested an amendment to repeal the Affordable Care Act, which Reid immediately objected to.

"We can get this bill done and protect our security," Lieberman said Tuesday, requesting legislators to stop filing non-germane amendments to the bill. "Nobody believes we're going to repeal ObamaCare this week or we're going to adopt gun control legislation," he said, according to The Hill.

“The economic security of our nation hinges on this bill passing,” Tom Kellermann, Vice President of Cyber Security at Trend Micro told SecurityWeek. “Hopefully both parties can work together to ensure the sustainability of e-commerce and e-government.”

RelatedThe Political Push to Secure The Internet - The Information at the Heart of the Matter

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.