Congressman MIKE ROGERS | Representing Michigan’s 8th Congressional District

Washington, Apr 17 -

Revised House Cybersecurity Bill Appeases Some Privacy Group Concerns

CQ TODAY ONLINE NEWS – INTELLIGENCE
April 17, 2012 – 11:11 a.m.
By Tim Starks, CQ Staff

House Intelligence Chairman Mike Rogers said Tuesday that “we’ve made huge progress” appeasing privacy groups that have targeted his cybersecurity bill for criticism above all of the other legislation this year aimed at improving computer network defenses.

The Michigan Republican’s bill (HR 3523), which is meant to foster greater threat information sharing between the federal government and the private sector that owns the vast majority of the most critical digital infrastructure, is among several bills expected to come up for a House vote next week.

But starting this week, a coalition of privacy groups kicked off an online campaign to rally opposition to Rogers’ legislation, which the coalition argues would “negate existing privacy laws and allow companies to share user data with the government without a court order.”

Rogers’ panel has twice in the past several days released new drafts of the bill, most recently April 16, both times with changes intended to defuse privacy advocates’ criticisms.

“We’re finding language we can agree on,” he said in a speech to the Ripon Society, a moderate Republican group. “Are we going to agree on everything? Probably not. They don’t want anything, anytime, ever.” But, Rogers said, he hopes to give the groups “language that at least allows them to sleep at night, because I can’t sleep at night over these threats.”

Rogers outlined some of the changes that respond to the privacy groups’ complaints.

The bill now includes language allowing businesses that share information with the government to “minimize” personal data it passes along to exclude some details. The intelligence community’s inspector general would audit how the bill is being implemented.

The newest draft eliminates references to theft of intellectual property to avoid raising the same concerns as anti-piracy legislation (S 968, HR 3261) that generated broad negative public feedback in the winter. And it would allow lawsuits against the government for improperly disclosing personal data collected under the bill.

The latest drafts include other changes, but so far they have yet to answer one of the central complaints of the privacy groups.

The legislation “would allow ISPs (Internet Service Providers), social networking sites, and anyone else handling Internet communications to monitor users and pass information to the government without any judicial oversight,” said Rainey Reitman, activism director for the Electronic Frontier Foundation, in a news release April 16. “The language of this bill is dangerously vague, so that personal online activity — from the mundane to the intimate — could be implicated.”

Still, Rogers said Tuesday that he expects the bill to generate broad bipartisan support when it comes to the floor; the bill, co-sponsored by the top Democrat on his panel, C.A. “Dutch” Ruppersberger of Maryland, was approved by the panel on a 17-1 vote.

Although privacy groups still have problems with the bill and Rogers continues to work on revising it, Rogers said the key has been winning support from Silicon Valley and Wall Street. Technology companies’ opposition to the anti-piracy bills helped stop that legislation in its tracks.

Rogers said his bill was one of three to five that could come to the House floor next week. After that, the chamber could take up more bills, and then will have to see what the Senate does.

The primary Senate bill (S 2105) is a larger, more comprehensive measure, but has come under fire from business groups who have strenuously opposed the new regulatory authority it would give to the Department of Homeland Security to require some of the most vital critical infrastructure owners to meet security standards.

“That bill is in a lot of trouble,” Rogers said.

There have been talks between the two chambers, Rogers said, about the possibility of a scaled-back bill that would include information-sharing provisions, in the event that the primary Senate bill cannot muster enough votes for passage.