Supporters of cybersecurity reform are hoping a breakthough on the Patriot Act could pave the way for the Senate to consider their prized legislation.
Getting a surveillance reform measure through the Senate might assuage some of the privacy concerns that have held up cybersecurity legislation in the upper chamber, say supporters of the bill.
{mosads}“If a deal is reached, it may in fact improve the chances of cybersecurity legislation coming through,” said Jim Penrose, a former head of the National Security Agency’s Operational Discovery Center who is now an executive vice president at cybersecurity firm DarkTrace.
The Senate has been trying to move a bill that would shield companies from legal liability when sharing cyber threat data with the government.
Backers of the Cybersecurity Information Sharing Act (CISA) say exchanging more information on hackers will help the public and private sector harden network defenses that have been repeatedly breached over the last year.
A bipartisan group of lawmakers, government officials and most major industry groups are supporting the bill.
But civil liberties groups and several lawmakers believe the offering would simply shuttle more personal data to the National Security agency, further empowering its surveillance program.
The House passed two companion pieces of legislation back in April, but CISA has been mired in the upper chamber, lost amid the heated debate over re-writing the Patriot Act and reforming the NSA programs.
“I don’t think cyber information-sharing legislation is in any way off the table,” said Paul Martino, senior policy counsel at the National Retail Federation, which supports CISA. “I think it is just being held up right now in a traffic jam.”
Senators will try to clear up that traffic jam this weekend as they head back to D.C. for a rare Sunday session.
Most reformers are backing the House-passed USA Freedom Act, which would reign in the NSA’s more controversial surveillance programs.
If senators can get the USA Freedom Act passed before midnight Sunday — it’s three votes shy of reaching the 60-vote threshold needed to overcome a filibuster — CISA might be teed up next.
“Cyber info sharing seems like the next most likely issue to come up,” said Norma Krayem, a lobbyist with Squire Patton Boggs who co-chairs the firm’s cybersecurity industry group.
Getting the USA Freedom Act through Congress could win over some additional votes for CISA.
“If something can pass on surveillance does that mean it helps in terms of getting enough votes to pass information sharing? Yes, I think so,” Martino said.
In addition to ending the NSA’s bulk collection of telephone metadata, USA Freedom would institute more accountability mechanisms. It would institute a panel to advise the Foreign Intelligence Surveillance Court, which oversees intelligence agencies, on cases that may infringe on people’s privacy or civil liberties. The bill would also boost public reporting about the NSA’s spying programs.
Penrose believes senators who are worried CISA would embolden the NSA “may in fact take some piece of mind” from these privacy oversight provisions.
But the vitriolic debate that has caused the Senate to go down to the wire on the Patriot Act could also extend to the upcoming CISA discussion.
“It is inevitable that there will be spillover from this debate into the cyber debate, despite the fact that many of them had hoped to keep it separate,” Krayem said. “And if the cyber info sharing bill is the next one, then that debate could be much stickier.”
And no Patriot Act reform will truly mitigate all the privacy concerns floating around CISA.
“CISA could actually result in the kind of bulk surveillance activity that USA Freedom is intended to stop,” said Gabe Rottman, legislative counsel and policy advisor for the American Civil Liberties Union, which opposes CISA. “Once information flows from the private sector to the government, the military and intelligence community could store and mine it for purposes that go far beyond ‘cybersecurity.’”
Krayem believes the Senate could help tamp down these fears by tacking a data security bill onto CISA.
Several similar data security bills are floating around the Senate right now. All would set nationwide cybersecurity standards for companies handling sensitive information. Several of the measures have bipartisan support.
“If you think about the core basics in each of those bills, there’s a focus on privacy issues,” Krayem said. “It seems like that could be a very useful thing to please both sides of the aisle.”
Of course, all these plans could fall apart if the Senate lets the Patriot Act expire. Then lawmakers enter uncharted territory and CISA is likely to get further delayed.
“In some regards, it may make more time to concentrate on cyber,” Penrose said.
The Patriot Act is somewhat outdated, he said. It doesn’t necessarily map well to today’s Internet-connected world.
Having the law expire, he added, might allow lawmakers to “turn to the next phase of where our national security concerns lie.”