NSA revelations throw wrench into lawmakers’ cybersecurity push

Revelations about the National Security Agency's domestic surveillance programs could make it more difficult for Congress to pass cybersecurity legislation.

Civil liberties groups have long argued that the House's cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), could allow vast batches of private online information to fall into the hands of the NSA.

ADVERTISEMENT
The House passed CISPA earlier this year, but the Senate is still in preliminary talks about its own cybersecurity legislation.

News that the NSA has been collecting records on virtually all U.S. phone calls and monitoring certain Internet users through a program called PRISM have brought privacy fears to the front burner in recent weeks.

"I think that the recent disclosures about the NSA's conduct have put back the [cybersecurity] debate and they've changed it," Greg Nojeim, a senior counsel with the Center for Democracy and Technology, said at a panel discussion hosted by The Hill this week. "They've made it harder to pass cybersecurity legislation that has an information-sharing component."

He argued that the intelligence agencies would likely exploit vague language in cybersecurity legislation to gain access to new troves of private data.

"It highlights the need for really robust privacy safeguards," Sharon Bradford Franklin, a senior counsel with the Constitution Project, said during the discussion. "If nothing else, we've seen that the government will interpret its surveillance authorities aggressively and push to the bounds— and perhaps beyond the bounds—of what the text of the law appears to permit."

CISPA would remove legal barriers that prevent companies from sharing information about cyber attacks with each other. It would also allow them to share that information with the government.

Its supporters argue that it is critical for combating hackers that steal sensitive information and wreak havoc on computer systems.

Walter McCormick, the CEO of the U.S. Telecom Association, a lobbying group that represents phone providers, argued that CISPA would give private industry "the tools we need to keep infrastructure up and running."

He admitted that the controversy over the NSA programs could slow down cybersecurity legislation, but he argued that comparing CISPA and the surveillance programs is like comparing "apple and oranges."

"[CISPA] is about getting information—not about who's calling whom—but it's information about worms and viruses and denial of service attacks and the things we need to know that may be heading our way," he said during the panel discussion.

Rep. Mike Pompeo (R-Kans.), a supporter of CISPA, acknowledged that the news of the NSA programs is likely to influence the cybersecurity debate.

"I think it'd be foolish to say this discussion didn't cause everyone to lump these together," he said at the event, but he argued that they're a "discrete set of issues."

Before approving CISPA, the House adopted a series of amendments aimed at improving the bill's privacy protections, including one intended to limit the ability of the NSA to gain direct access to information. The bill now designates the Homeland Security Department as the primary agency for receiving cyber threat information.

But civil liberties advocates argue that those protections aren't enough to ensure the protection of private online information. They say the bill's language is unclear and could still allow NSA to receive personal information directly from companies.

The White House agrees and has issued a veto threat on the bill.