US Lawmakers Offer Cybersecurity Olive Branch

WASHINGTON – Backers of a cybersecurity bill which stalled in Congress last year offered changes Monday in an effort to ease concerns of privacy and civil liberties activists.

The two top lawmakers on the House Intelligence Committee said the panel would meet Wednesday to vote on the Cyber Intelligence and Sharing Protection Act, a measure which passed the House last year but died in the Senate.

The lawmakers said they would propose several amendments to the bill, under which internet companies can give the government information about what they see as potential security threats and they are protected from liability for providing the information.

Last year, the measure provoked a storm of protests from Internet and civil liberties activists, and the White House threatened a veto.

Civil libertarians claim such laws could allow too much government snooping and conservatives say they would create new bureaucracy.

House Intelligence Committee chairman Mike Rogers and ranking Democrat Dutch Ruppersberger said lawmakers were listening to those concerns, but that the issue has become more pressing in the past year with revelations about new cyber threats.

“We’ve made some significant improvements,” Rogers told a conference call Monday, saying that he and Ruppersberger were backing amendments addressing key fears.

Ruppersberger said the White House “is still not behind our bill, but we are working with them and with the privacy groups.”

The lawmakers said they would insert a more narrow definition of national security in the bill.

The amendments would also seek to clarify that Internet firms could only use data about threats for cybersecurity purposes, not for marketing or other commercial uses, and would give more oversight to privacy officers at federal agencies.

“Because the threat is so real I think everyone realizes we have to do everything we can to come together to pass a bill to protect our citizens,” Ruppersberger said.

It was not immediately clear if the proposed changes would blunt criticism from the broad coalition of groups that unveiled plans last week to oppose CISPA.

Greg Nojeim of the Center for Democracy and Technology said the changes failed to address one key concern — that information could be accessed by the top-secret National Security Agency, a branch of the military.

“This endangers civil liberties, undermines transparency and therefore public trust, and drew a veto threat from the White House last year,” said Nojeim.

“While some of the amendments described today could be helpful, civilian control is the elephant in the room that CISPA co-sponsors refuse to address.”

Michelle Richardson of the American Civil Liberties Union told a Reddit forum Monday that “a lot of politicians are under the mistaken belief that CISPA is a narrowly targeted bill.”

“They are not aware of the sweeping implications of the bill — empowering the military on our Internet, sharing personally identifying info, use for non-cyber purposes,” she said.

President Barack Obama in February issued an executive order aimed at ramping up protection from cyberattacks, but said legislation is still needed.

US administration officials and lawmakers acknowledge that his order creates no new authority and that legislation is needed to better safeguard networks for key systems such as power grids, banks and air traffic control.

Related: White House Issues National Insider Threat Policy

Related: Obama Releases National Strategy for Information Sharing

Related: Department of Defense Expands Information Sharing Initiative

Related: Taking the Blinders Off – The Value of Collective Intelligence

Related: Combating Emerging Threats Through Security Collaboration