Just when you thought the fight over government surveillance powers was over, the Senate is poised for another battle, this time over a cyber security law that some civil libertarians have dubbed “Patriot Act 2.0.”
On Tuesday, Senate Majority Leader Mitch McConnell announced that he would attach a bill aimed at improving U.S. cyber security to a mammoth defense policy bill, rather than let senators vote for the cyber measure on its own. That in and of itself is a risky move, given that the White House has already threatened to veto the defense bill. But it’s also raising the hackles of some lawmakers, who see the cyber legislation as an attempt to expand government surveillance of Americans while posing as a move to fight hackers and spies.
“I will be fighting to ensure the Senate has a full debate and a chance to offer amendments to add vital protections for American privacy and address the threats to our cybersecurity,” Sen. Ron Wyden said in a statement Tuesday. Wyden, who was the only member of the Senate Intelligence Committee to vote against moving the bill forward to a full vote last March, seemed to leave open the possibility of using filibuster-style tactics to hold up the measure, just like his fellow surveillance opponent, Sen. Rand Paul, used parliamentary procedures to force some surveillance powers under the Patriot Act to expire earlier this month. The Senate voted to reinstate most of them a few days later.
Keith Chu, a Wyden spokesman, told The Daily Beast that the senator hasn’t made a decision about how he will proceed. “But he’s making clear that [McConnell] should allow debate on the bill.”
One key member of the House of Representatives, which has already passed its version of the cyber bill, is worried about a repeat of the late-night, eleventh-hour dramas that accompanied the Senate’s debate over the Patriot Act, and in particular the authority it gave the National Secuirty Agency to collect Americans’ phone records.
“Unfortunately, there’s every indication that that’s likely to happen” with the cyber bill, Rep. Adam Schiff, the senior Democrat on the House Intelligence Committee, told The Daily Beast.
Schiff said he didn’t foresee the White House withdrawing its opposition to portions of the defense bill just to ensure that the cyber legislation passes. “I think if it’s an effort to bootstrap onto [the defense bill] to force the president’s hand, it won’t work,” he said. “And it will set back the time it takes to pass cyber information sharing.”
But the stage appeared set for another showdown in the Senate. In a letter to McConnell, the chamber’s four most senior Democrats called his effort to sandwich the cyber and defense bills together “ridiculous.”
“While we must ensure America’s national security, we cannot trifle with Americans’ civil liberties,” they wrote.
The bill before the Senate, called the Cybersecurity Information Sharing Act, would provide a framework for companies and the government to exchange data about cyber attacks on private computer networks, in the hopes of increasing awareness about hackers who are trying to steal to Americans’ financial information, probe critical infrastructures such as the power grid, and infiltrate important computer networks in the government. But critics worry that it will create another route for companies to hand over even more personal details about innocent Americans than they already are.
McConnell’s move comes on the heels of a massive breach of data from the Office of Personnel Management that exposed more than 4 million current and former federal government employees’ personal information. The data were allegedly stolen by hackers in China. Schiff said the breach added “a brand new sense of urgency” for enacting a long-sought cyber security law.
The legislation appeared on its way toward passing two years ago when it was derailed by Edward Snowden’s revelations of secret government surveillance. But the measure has gained new momentum amid a backdrop of seemingly relentless attacks by North Korea, China, Iran, and Russia.
The contours of the cyber debate are much the same as over the Patriot Act and other surveillance authorities. “The so-called cybersecurity bill in the Senate would encourage private companies to share their customers’ information with the government, without giving individual Americans real assurances their private information will be protected,” Wyden said in a statement Wednesday.
Schiff said that in response to those concerns, the House strengthened requirements on companies to strip out any personally identifying information before they send data on hackers over to the government, and then required the government to do a second round of “scrubbing” to ensure that the information didn’t contain anything that could identify someone who was not a threat.
“We really took, in good faith, steps to dramatically reduce the privacy risks,” Schiff said. “There will always be opponents to any form of intelligence authorization, in part because that’s how they make their living. But I think we’ve addressed the privacy concerns in a very diligent way.”
A group of nearly 50 technology experts and civil libertarians has warned (PDF), however, that the bill would give “automatic NSA access” to information that companies share with the government and allow “overbroad” use of the information by law enforcement agencies, including for crimes that involve physical force or terrorism and that don’t have an obvious connection to cyber attacks.
The ACLU has called the legislation “one of those privacy-shredding bills in cybersecurity clothing” and warned that it could be used to prosecute whistleblowers under spying laws.
The bill “would allow the government to use private information, obtained from companies on a voluntary basis (and so without a warrant) in criminal proceedings—including going after leakers under the Espionage Act,” the ACLU said after the bill passed the Senate Intelligence Committee.
Under the Senate’s rules, lawmakers cannot add amendments to the bill once it is made part of the bigger defense package, but they can introduce individual amendments to that legislation.
Sen. Al Franken joined Wyden on Wednesday in vowing to push for a full debate and the chance to modify the cyber provisions. “I will oppose this move” to lump the bills together, Franken said. “The American people deserve better; they deserve a transparent legislative process and a bill that promotes cyber security without jeopardizing their rights.”
But the measure has strong support in the House, where an earlier version passed overwhelmingly. And business leaders have issued strong statements of support for the measure’s swift passage. The Financial Services Roundtable, which represents banks and other financial companies, and the Securities Industry and Financial Markets Association are both backing the bill. The financial services sector is one of the key areas of the economy that the bill’s backers mean to shore up.
“The industry—as a whole and in partnership with the government—has dedicated tremendous resources to mitigate cyber threats to protect the integrity of the capital markets and the millions of people who use financial services every day,” Kenneth E. Bentsen Jr., the president and CEO of the securities group, said in a statement Tuesday. “As we’ve seen from recent events, there is too much to lose by inaction.”