The White House on Wednesday made a last-minute push to salvage the measure, taking pains to say that it believes the military does not need to be rifling through private communications to keep the nation safe from cyberattack. The director of the National Security Agency, Gen. Keith Alexander, on a conference call with reporters, reiterated that private companies would not have to share information with his agency, but only with the civilian-run Department of Homeland Security.
“We acknowledge the concerns on civil liberties and privacy,” the General said. If necessary, he went on, the Department of Homeland Security can relay threat information to military agencies like his by first scrubbing away personal information on U.S. citizens. The General insists that his agency is not tasked with spying on Americans, and that it is under orders from the White House to “minimize” whatever data it collects on U.S. citizens.
The original goal of the cybersecurity bill, sponsored by Sen. Joe Lieberman of Connecticut, was to let the government enforce minimum security standards for the computer systems that run power plants, air traffic control systems, dams and other critical infrastructure. The business lobby pushed back. The legislation now makes government oversight entirely voluntary.
Some of the most important parts of the bill now center on the sharing of information between private companies and government agencies — and therein lies the rub. There is a flurry of amendments to the bill, and a great many of them would either expand or limit the government’s powers of surveillance.
Senator John McCain, Republican of Arizona, wants language that could enable firms to share information directly with the National Security Agency.
Some Democrats, meanwhile, are seeking to tack on privacy protection
measures. Senator Patrick Leahy, Democrat of Vermont, has proposed an amendment that would require the government to obtain a search warrant based on probable cause every time a law enforcement agency wanted to
pry open e-mail communications by private citizens. Senator Ron Wyden, Democrat of Oregon, has said he wants to propose an amendment to require the police to obtain a warrant before extracting location data from
private cellphones.
The business lobby continues to be opposed to the legislation. It is worried about any obligations to share information about security breaches, lest it open up companies to lawsuits.
In a final push to pass the measure before Congress goes on recess, the White House counterterrorism adviser John Brennan urged Senators to overlook partisan politics and pass the bill in an effort “to give our cybersecurity professionals the tools they need to keep the nation safe.”
By Wednesday afternoon, there was no movement on the bill, and a cloture vote was expected on Thursday. Skeptics worried that it would take a significant cyberattack to rally Congress to unite across party lines in support of substantive security legislation.
“Most outside observers believe that we will only get effective cybersecurity legislation after there has been a crisis of some kind, and that then we are likely to overreact, trampling privacy and putting in place rigid requirements,” said James A. Lewis, a national security expert with the Center for Strategic and International Studies in Washington. “This is an outcome no one on the Hill wants, but it may be inevitable.”