The upcoming Senate vote on a bill to reform the National Security Agency (NSA) could make or break legislation on sharing cyber threat information in the lame duck.
Privacy groups are warning that they will oppose the cyber bill unless lawmakers first reform the NSA’s surveillance programs.
Supporters say allowing companies and the government to share information about cyber threats is critical to protecting the country from hackers. But privacy advocates remain wary of the intelligence community.
The cyber bill’s biggest hurdle, though, could come as early as next week, when the Senate takes a procedural vote on an NSA reform bill, the USA Freedom Act, which would rein in surveillance programs and strengthen the secret intelligence court overseeing the agency.
If the NSA bill passes, it could pave the way for cyber information sharing, backers say.
“Oh yeah, it would,” said House Homeland Security Chairman Michael McCaul (R-Texas). “I think that’s totally correct.”
But if the NSA bill dies, it could also deal a blow to the cyber sharing bill.
“The Senate absolutely must pass USA Freedom before it can even consider taking up cyber info sharing legislation,” said Robyn Greene, policy counsel for the Open Technology Institute.
Some critics of the cyber bill also say that CISA as currently written could weaken reforms enacted by the NSA bill.
“If CISA passes, it is quite literally an exemption to existing privacy protections,” added Gabe Rottman, legislative counsel and policy advisor with the American Civil Liberties Union.
“It would severely undercut everything that USA Freedom is trying to do.”
CISA’s co-author and main champion, Senate Intelligence Chairwoman Dianne FeinsteinDianne FeinsteinJustice requires higher standard than Sessions Senate to vote Friday on Trump's defense picks Senate seeks deal on Trump nominees MORE (D-Calif.), says the White House is adamant about moving first on surveillance reform.
But Feinstein thinks her bill can move independently of NSA reform, and some wonder if she will offer it as an amendment to USA Freedom during the lame duck session.
“In a different age, I would have said that would be a savvy political move,” said James Barnett, who oversaw the Federal Communications Commission’s earliest cybersecurity division. “But in this atmosphere?”
“If she does that,” Rottman warned, people might “pull support from USA Freedom.”
Surveillance reform and cybersecurity, two contentious issues in their own right, have been tied together since former NSA contractor Edward Snowden exposed classified government spying programs. That’s left some calling for cyber sharing legislation frustrated.
“We have to do things to secure the nation,” Barnett said. “By the same token, people need to have their privacy rights respected.
“No matter how you do it, those things are going to tug at each other,” he added.
An info sharing bill is also being held up on the House side.
McCaul has his own House-passed cyber information sharing bill, the National Cybersecurity and Critical Infrastructure Protection Act. That measure would facilitate cyber info sharing between the private sector and the Department of Homeland Security, instead of the NSA.
But McCaul said his bill is already hung up over a fight between the Homeland Security committees and Intelligence committees over which agency should oversee government websites.
Barnett, who supports CISA, is skeptical that even passage of NSA reform could put cyber sharing on the fast track.
“There are so many other things vying for the very few legislative days that I’m not positive CISA is going to find that sweet spot of support from both sides of the aisle to move it forward,” he said.