Cybersecurity bill bombarded with amendments

Amendments to cybersecurity bill in Senate aim to boost privacy protections.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
3 min read

As the U.S. Senate races toward its August recess, lawmakers are filing tons of amendments to the Cybersecurity Act, a number of them designed to add privacy protections.

The amendments are an effort to meet the wishes of pro-business Republicans and pro-privacy Democrats and to reach a compromise that can be enacted into law. Sen. Harry Reid (D-Nevada) is pushing to get cybersecurity legislation voted on this week before the Senate breaks for recess in August.

The Democrat-based Cybersecurity Act of 2012, sponsored by Sen. Joseph Lieberman (I-Conn.) as it stands has already been modified to meet the needs of both sides of the aisle. Earlier this month, the bill was revised to remove a provision calling for critical infrastructure providers to meet minimum security standards, which Republicans argued was too regulatory and restrictive on businesses. It also added a provision preserving the civil liberties and privacy of users.

Republicans want security standards to be voluntary rather than government-driven and Democrats want to ensure that consumer privacy is protected when firms share information on cybersecurity incidents with the government.

More than 70 amendments have been filed, Broadcasting and Cable reported today. Some were totally unrelated to the topic of cybersecurity, such as gun control-related amendments and amendments that try to undermine the health-care law.

In one of his three amendments, Sen. Ron Wyden (D-Ore.) is trying to prevent warrantless tracking of people via GPS (Global Positioning System) data. Wyden wants clear rules for how and when the government can access location tracking data from individuals' cell phones and other electronic devices. Specifically, the first amendment would require that government agencies get a probable cause warrant to obtain geolocation data. It also would force corporations to get customer consent before sharing customer data outside the normal course of business and would make it a crime to secretly track someone's movements online.

Wyden also wants to limit government access to private consumer data stored by cloud-storage services alongside government data, and to strengthen limits on sharing individuals' personal information with law enforcement. The second Wyden amendment would prohibit government from accessing consumer's private data solely because it's stored by a company that provides information services to a government agency. And a third amendment would require Congressional approval before the president could enter the U.S. into a binding international agreement on cybersecurity.

Sen. Al Franken (D-Minn.) has introduced an amendment that would delete provisions in the Cybersecurity Act that allow ISPs and others to monitor their customers' communications and deploy countermeasures without government oversight or legal liability.

And Sen. Patrick Leahy (D-Vt.) yesterday filed several amendments also related to privacy, including provisions that make it a crime for companies to hide data breaches from customers, require companies with databases of sensitive consumer data to take security precautions, and call for a national standard for data-breach notification. In addition, he has proposed language that would allow people to share video-viewing history online, which is currently prohibited because of a law designed to protect video-rental records during the 1980s.

Lawmakers and the Obama Administration are anxious to get a measure in place to keep hackers, cyberspies, and malware out of the computer systems of power companies, utilities, and other critical infrastructure providers in the face of growing cyberattacks and threats.