On the heels of passing its most significant cybersecurity legislation in years, Congress is poised to tackle a slate of fresh digital issues in 2016.
Concerns over terrorists’ use of encrypted technology, proliferating hacks on retail companies, invalidated data transfers between the U.S. and the European Union and more have pushed lawmakers to urge action on cybersecurity.
Here are six lawmakers to watch on cybersecurity issues in 2016.
SENS. RICHARD BURR (R-N.C.) AND DIANNE FEINSTEIN (D-CALIF.) AND REP. MICHAEL MCCAUL (R-TEXAS)
In the wake of reports that the terrorists behind the deadly attacks in Paris and San Bernardino, Calif., used encrypted technology to plot the shootings out of sight of law enforcement, several lawmakers have urged immediate action on legislation governing the technology.
{mosads}The debate over whether it is technically feasible to provide law enforcement some form of guaranteed access to locked communications has emerged as one of the most contentious issues of the new year.
Security experts and tech firms insist that undermining encryption destroys the security of the day-to-day operations of the entire Internet. Law enforcement — led by FBI Director James Comey — say that tech companies need to change their business models to comply with legal warrants.
Sen. Dianne Feinstein (D-Calif.) is vowing to lead the charge on legislation that would require companies to decrypt data under court order.
“I’m going to seek legislation if nobody else is,” she said in December. She is working with Senate Intelligence Chairman Richard Burr (R-N.C.) to develop the bill.
House Homeland Security Chairman Michael McCaul (R-Texas) has also stepped into the debate, pushing for the creation of “a national commission on security and technology challenges in the digital age.”
The panel will be tasked with providing specific recommendations for dealing with an issue that has created a deep rift between Silicon Valley and Washington officials.
REP. WILL HURD (R-TEXAS)
The devastating hack of the Office of Personnel Management (OPM), uncovered in spring of 2015, rocked the federal government. The intrusion, which exposed 21.5 million federal employees and others, revealed deep deficiencies in how government agencies safeguard sensitive data.
The House Oversight Committee led the charge in investigating the OPM in 2015, calling for the resignation of then-director Katherine Archuleta and pressing the agency on its process for notifying victims.
Rep. Will Hurd (R-Texas), the chairman of the new House Oversight Subcommittee on Information Technology, told a cybersecurity conference this fall that Congressional oversight of federal cybersecurity is only going to get stiffer.
“Congress is doing a better job of playing our oversight role and you’re going to be seeing that,” Hurd said, noting that ensuring a robust federal IT infrastructure is an area where he has “a lot of latitude” — and that he expects to be exercising that authority in the coming months.
SEN. RON WYDEN (D-ORE.)
Known around Capitol Hill as a privacy hawk, Sen. Ron Wyden (D-Ore.) was one of the most vocal critics of a major cybersecurity bill passed as part of the 2015 omnibus spending package.
Wyden ultimately failed in his attempt to alter the bill’s text to boost privacy protections, but he garnered enough support that he felt his efforts to educate his colleagues gained some traction.
“When you have a reactive Congress — we’ve all seen these cyberattacks — and somebody says here’s a cybersecurity bill, you always have a big educational challenge,” he told reporters just before the Senate bill passed.
Wyden continues to crusade for tougher privacy laws as the U.S. and the European Union struggle to hammer out a new data transfer agreement to replace a predecessor that was struck down by the European high court this fall.
The court said that because of its surveillance practices, the U.S. couldn’t be seen to sufficiently protect citizens’ privacy. Wyden has criticized the ruling and used it to call on Congress to pass legislation boosting protections.
“They were saying that our privacy policies are not adequate now,” he told reporters this fall.
REP. JIM LANGEVIN (D-R.I.)
Rep. Jim Langevin (D-R.I.) has worked throughout the fall to raise Congressional awareness of a little-known international agreement governing export regulations for so-called intrusion software — digital hacking and surveillance tools that could be abused by repressive regimes.
Security experts argue that the arrangement defines “intrusion software” too broadly, effectively outlawing the export of legitimate tools that companies use to test and fortify their own defenses.
Langevin, along with his House cybersecurity committee co-chair Michael McCaul, gathered the support of at 125 lawmakers in urging the White House to step in and help rework the proposed rule late this month.
As written, they say, the rules “dramatically reduced our ability to defend our nation’s networks while only marginally reducing malicious actors’ abilities to use hacking tools.”
Other lawmakers expect Langevin’s efforts to educate members on the importance of the agreement will bear fruit.
“The whole issue of cybersecurity has been elevated, I think that’s why there’s a lot of member interest,” Rep. Ted Lieu (D-Calif.) told The Hill. “And I think people understand that one of the best ways to protect yourself against cyberattacks is to test your own system.”
REPS. DEVIN NUNES (R-CALIF.) AND ADAM SCHIFF (D-CALIF.)
Fresh off of a critical role in crafting the final version of the Cybersecurity Information Sharing Act, the House Intelligence Committee chairman and ranking member will be at the forefront of an ongoing debate over the extent of U.S. surveillance practices.
Through their committee roles, Nunes and Schiff are some of the key members of Congress overseeing the intelligence community.
Both supported a massive overhaul of the National Security Agency (NSA) passed earlier this year — although Nunes said later that the legislation was largely unnecessary. Schiff was a co-sponsor of the original bill.
The attacks on Paris and San Bernardino have reignited debate over the reforms, which ended the NSA’s bulk collection of phone metadata.
Security hawks, including Republican presidential candidate Sen. Marco Rubio (Fla.), have accused those who voted in favor of the bill of making America less safe.
In 2017, lawmakers will reevaluate the authorization of several controversial NSA programs, including the so-called PRISM program.
Privacy backers hope the deadline for that law will provide an opportunity to force changes in what data the government is allowed to collect.
WILDCARD
With a major information sharing bill signed into law, Congress turns its attention to the next challenge in domestic cybersecurity legislation: Data breach notification.
As high-profile breaches continue to make headlines, data security bills have cluttered both chambers this year. There are at least four offerings in both the Senate and the House. Sen. Mark Warner (D-Va.) is also reportedly circulating a discussion draft that appears to have strong support from retailers.
Most of the proposed legislation seeks to mandate cybersecurity requirements for retailers and set a minimum standard for reporting breaches — typically 30 days.
In the House, lawmakers from the Energy and Commerce Committee and the Financial Services Committee are in talks to combine their two competing offerings into a single bill supported by both committees.
Rep. Randy Neugebauer (R-Texas), whose Data Security Act passed out of the Financial Services Committee with broad bipartisan support, has expressed confidence that his language has a shot at seeing the floor.
But it is far from certain which bill — and which lawmaker — will emerge at the forefront of the race to mandate cybersecurity standards.