Joe Lieberman’s (I-CT) Cybersecurity Act of 2012 has passed through a number of hoops and has plenty more to go through before it can become law. But it now faces a possibly insurmountable foe: the business-minded Chamber of Commerce, the largest lobbying organization in America.
That’s a problem for Internet privacy advocates. Not because they like the Cybersecurity Act—few do—but because if it’s properly amended, there’s little they would be truly upset about.
Make no mistake, Washington seems determined to pass some cybersecurity bill or another. President Obama recently wrote an op-ed demanding the Senate pass one; the General who heads both the National Security Agency and the United States Cyber Command just said he’d rank America’s cyber defense capabilities as “around a three” out of ten. Even though many senators disagree with Lieberman’s act, they seem to only do so in favor of a different one.
If the Cybersecurity Act doesn’t pass (or maybe even if it does), the Senate will break for summer recess and then work on passing an alternate bill, like the Cyber Intelligence Security Protection Act (CISPA) or John McCain (R-AZ)’s Secure IT Act, both of which garner far more criticism.
"I don't think the privacy groups are the obstacle to the bill now," Lieberman said Tuesday. "The big obstacle is still the opposition from the Chamber of Commerce."
So what’s the Chamber of Commerce’s problem with Lieberman’s bill? Precisely the same issue that makes the Cybersecurity Act palatable for privacy advocates.
The purported goal of each of these bills is to stop, or at least slow down, cyber attacks from foreign agents onto companies connected to American infrastructure—like ones that control water treatment facilities, for instance. Both CISPA and the Secure IT Act would do that by giving government agencies access to those companies’ systems to look for evidence of attackers—and in the process, otherwise private user information. For activists, that’s unacceptable.
The Cybersecurity Act, on the other hand, would force such companies to adopt much stronger cybersecurity defense systems on their own. But the Chamber of Commerce, saying businesses can’t handle the financial burden of upgrading their systems, is telling Senators under its influence—and there are many; it’s given away more than $50 million in 2012 already—to vote against the Cybersecurity Act.
Lieberman has said that under the current bill, adopting tighter cybersecurity is voluntary and that the Chamber of Commerce’s criticisms are “mischaracterizations.”
The Chamber of Commerce didn’t return request for comment in time for this story. But in a blog post, the Chamber’s senior director of national security, Matt Eggers, called those voluntary regulations a slippery slope to mandatory ones: “The Chamber believes that once a government-driven ‘voluntary’ standards system is enacted, it’s only a short hop to a mandatory one because the administration has the intent and regulatory leverage,” he wrote.
Roy Blunt (R-MO) admitted he felt swayed by the Chamber’s opposition, considering it represented businesses, and businesses would be asked to adopt these measures. “You have to do everything you can to minimize the opposition,” he said.
The senate is expected to vote on the Cybersecurity Act Thursday.
Photo of Blunt via Facebook