Privacy groups warn of ‘dangerous’ edit to cyber bill

Privacy advocates and security specialists are raising red flags about a potential “dangerous” amendment to the cyber bill currently under debate in the Senate.

The upper chamber on Tuesday took up the Cybersecurity Information Sharing Act (CISA), a bill that would encourage businesses to share more data with the government on cyber threats.

ADVERTISEMENT
Numerous lawmakers have been scrambling to edit the bill, seeking to either clarify its language or to attach long-desired bills.

Sen. Sheldon WhitehouseSheldon WhitehouseOvernight Defense: Officials make show of force on election security | Dems want probe into Air Force One tours | Pentagon believes Korean War remains 'consistent' with Americans Dems call for investigation of Trump Air Force One tours Dem senators introduce resolution calling on Trump to stop attacking the press MORE (D-R.I.) is pushing an amendment that he argues would give law enforcement more tools to fight hackers. It’s one of 22 provisions that Senate leaders have agreed to consider during the CISA debate.

The add-on would expand provisions within the Computer Fraud and Abuse Act (CFAA), a much-maligned law that makes it illegal to access protected computers and networks.

Whitehouse’s update would also let prosecutors seek up to 20 years of prison time for individuals who harm a computer connected to “critical infrastructure.”

The goal, Whitehouse says, is to help law enforcement crackdown on botnets, or armies of computers that have been remotely co-opted by hackers to launch a barrage of cyberattacks, often unknown to the computer’s user.

Botnets, Whitehouse said recently, “are a significant threat to the more than 100 million Americans who bank online.”

But civil liberties groups and security experts are pushing back. They believe the amendment could have a stultifying effect on legitimate computer security research and allow the government to punish low-level computer crimes with outsized sentences.

“The Whitehouse amendment fails to address ambiguity in current law that has led to the use of the CFAA to prosecute valuable security research, levy disproportionate penalties, and criminalize ordinary Internet activity,” said an open letter from 19 security specialists and 20 civil liberties and privacy groups.

The debate spilled onto the Senate floor on Tuesday.

When Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrOvernight Defense: Pompeo creates 'action group' for Iran policy | Trump escalates intel feud | Report pegs military parade cost at M Hillicon Valley: Twitter CEO Jack Dorsey sits down with The Hill | Drama over naming DHS cyber office | Fallout over revoking Brennan's security clearance | Google workers protest censored search engine for China Trump escalates feud with intelligence officials MORE (R-N.C.), a CISA co-sponsor, asked for unanimous consent to vote on his bill and its amendments on Thursday, leading CISA critic Sen. Ron WydenRonald (Ron) Lee WydenGroup files lawsuit to force Georgia to adopt paper ballots Treasury releases proposed rules on major part of Trump tax law Rubio slams Google over plans to unveil censored Chinese search engine MORE (D-Ore.) objected.

He specifically cited Whitehouse’s amendment.

"I am especially troubled” by the offering, Wyden said, arguing that it would “sig­ni­fic­antly ex­pand a badly out­dated Com­puter Fraud and Ab­use Act.”

Burr conceded that he “might even share Senator Wyden's concerns.”

As a “nongermane” amendment, Whitehouse’s desired edit would require several unanimous consent agreements to even reach a vote.

“We will work to see if in fact that amendment might be modified in a way that might make it a little more acceptable for the debate and for colleagues to vote on it,” Burr said.

CISA debate is expected to spill into early next week.

— Updated 3:28 p.m.