Senators Joe Lieberman (I-CT), Susan Collins (D-WV), John Rockefeller (D-WV), Dianne Feinstein (D-CA), and Thomas Carper (D-Del.) are pushing for a vote on the revised Cybersecurity Act of 2012 before Congress goes on break in August.
The The Cybersecurity Act of 2012, S. 2105, was first introduced on February 14, 2012. After harsh criticism in regards to privacy-related issues and data sharing between the government and intelligence agencies, the bill was reworked.
On July 19, Sen. Lieberman unveiled a newer, revised version of the bill.
The Active Postreleased an summary of the new privacy-protective package. Major new privacy protections added to the bill:
1. Ensuring that only civilian agencies—not the National Security Agency—are in charge of our nation’s cybersecurity systems.
2. Ensuring data isn’t shared with law enforcement except in very specific, limited circumstances. Language in the first Lieberman-Collins Cybersecurity Act would have allowed data collected under cybersecurity purposes to be passed to law enforcement if there was evidence of criminal activity. This raised major concerns about our online service providers snooping through our communications for potentially incriminating data and passing it to the government without a warrant—a digital Big Brother. The new language of the bill limits data flowing to the government to information which appears to pertain to 1. A cybersecurity crime investigation; 3. An imminent threat of death or serious bodily harm; and 4. A serious threat to minors, like sexual exploitation and threats to physical safety.
3. Ensuring that data collected through cybersecurity programs can’t be used to prosecute other, unrelated crimes. The early version of the bill would have allowed data collected through cybersecurity programs to prosecute any crime—like copyright infringement or immigration status or drug usage. Now, the only crimes that can be prosecuted using data collected through S 3414 are violations of state or federal laws relating to computer crimes.
3. Carve-outs for free speech and terms of service violations. The new privacy package makes it clear that Constitutionally-protected free speech and terms of service violations won’t constitute a “cybersecurity threat.”
Today, the White House partially endorsed the Senate Cybersecurity bill according to the the National Journal,
“The administration strongly supports Senate passage of S. 3414, the Cybersecurity Act of 2012,” the White House said in a statement of administration policy. “While lacking some of the key provisions of earlier bills, the revised legislation will provide important tools to strengthen the nation’s response to cybersecurity risks. The legislation also reflects many of the priorities included in the administration’s legislative proposal.”
The Cybersecurity Act of 2012 has been added to the Senate’s legislative calendar by Senate Majority Leader Harry Reid and survived a procedural vote on Thursday. It will now be open to amendments. A vote is expected in the coming week, prior to August Senate recess.
The White House stated that it would not support the following amendments;
“(1) reducing the Federal Government’s existing roles and responsibilities in coordinating and endorsing the outcome-based cybersecurity practices; (2) weakening the statutory authorities of the Department of Homeland Security to accomplish its critical infrastructure protection mission; or (3) substantially expanding the narrowly-tailored liability protections for private sector entities.”