The House Will Consider a Disturbing Cybersecurity Bill

The House Will Consider a Disturbing Cybersecurity Bill

The House Will Consider a Disturbing Cybersecurity Bill

A proposed law would allow private companies to broadly share your electronic communications with the government.

Facebook
Twitter
Email
Flipboard
Pocket

Most people involved in the cyber-terrorism debate agree that better information sharing between the private sector and government is needed—the current law structure doesn’t allow for good enough cooperation between government security agencies and private companies who come under massive cyber-attacks.

One bill in the House, by Representative Dan Lungren, does a decent job of addressing these concerns. It’s being debated this month in the normal procedure of open committee sessions. But another bill, by Representatives Mike Rogers and C.A. Dutch Ruppersberger, containing potentially grave civil liberties violations, was approved in one secret session—and is the bill being promoted by Republican House leadership and industry groups.

The Rogers-Ruppersberger bill creates a “cybersecurity exception” to every federal and state law that allows private companies to share Americans’ private communications with the National Security Agency, the Pentagon, the CIA and basically any other federal agency that requests it. The Lungren bill, by contrast, limits all of the sharing to the Department of Homeland Security, a civilian agency—and this is an important distinction. The DoD’s Cybercommand, along with the NSA, are notoriously secretive and not subject to many of the transparency rules in place at DHS.

This takes the nation’s cybersecurity efforts—and all of the very delicate monitoring that goes with it—and transfers it to the military and away from civilian control.

Even more troubling, the Rogers-Ruppersberger bill doesn’t limit the type of information that can be shared to specific cyber-terrorism threats—the language is vague to the point where virtually any communication could be shared. The information simply needs to be “pertaining to the protection of” a system or network—not related to a known attack or threat. And all networks are included—not just, say, computer networks that run the power grid or control flight patterns. Since hackers often use routine Internet, this would allow ISPs to share virtually all Internet traffic with the government.

Once the government has possession of that information, it can use it however it wants—it does not necessarily need to pertain to a cyber-terrorism investigation. (The Lungren bill limits the use to “related law enforcement).”

It’s not hard to see how, if passed, the Rogers-Ruppersberger bill would allow private companies to share basically any private electronic communications it wanted with any government agency, for virtually any purpose. The ACLU, the Electronic Frontier Foundation and the Center for Democracy and Technology are launching major campaigns to stop it.

Rogers has defended his bill on the grounds that information-sharing by private companies is completely voluntary under his proposed law, which is true. But he doesn’t mention that, in exchange for sharing the information, the companies receive help from the NSA in identifying a cyber-attack—and more importantly, under Rogers’ bill the companies receive blanket immunity from any lawsuits pertaining to the sharing.

In an op-ed for ABC News, Leslie Harris of the Center for Democracy and Technology explains this is why the industry is backing the bill:

For companies, the answer is easy: there is freedom to share information with whatever entity you please, blanket immunity for sharing, blanket immunity for a recipient of shared cybersecurity information who fails to take protective measures even when they are clearly needed, and no regulatory burdens are imposed.

The Rogers bill, along with the Lungren bill, will be debated the week of April 23. We’ll be sure to stay on top of it.  

We cannot back down

We now confront a second Trump presidency.

There’s not a moment to lose. We must harness our fears, our grief, and yes, our anger, to resist the dangerous policies Donald Trump will unleash on our country. We rededicate ourselves to our role as journalists and writers of principle and conscience.

Today, we also steel ourselves for the fight ahead. It will demand a fearless spirit, an informed mind, wise analysis, and humane resistance. We face the enactment of Project 2025, a far-right supreme court, political authoritarianism, increasing inequality and record homelessness, a looming climate crisis, and conflicts abroad. The Nation will expose and propose, nurture investigative reporting, and stand together as a community to keep hope and possibility alive. The Nation’s work will continue—as it has in good and not-so-good times—to develop alternative ideas and visions, to deepen our mission of truth-telling and deep reporting, and to further solidarity in a nation divided.

Armed with a remarkable 160 years of bold, independent journalism, our mandate today remains the same as when abolitionists first founded The Nation—to uphold the principles of democracy and freedom, serve as a beacon through the darkest days of resistance, and to envision and struggle for a brighter future.

The day is dark, the forces arrayed are tenacious, but as the late Nation editorial board member Toni Morrison wrote “No! This is precisely the time when artists go to work. There is no time for despair, no place for self-pity, no need for silence, no room for fear. We speak, we write, we do language. That is how civilizations heal.”

I urge you to stand with The Nation and donate today.

Onwards,

Katrina vanden Heuvel
Editorial Director and Publisher, The Nation

Ad Policy
x