Privacy advocates satisfied with Lieberman’s cybersecurity rewrite

Revisions that Sen. Joe Lieberman (I-Conn.) made to his Cybersecurity Act seem to have appeased privacy advocates who lobbied against an earlier version of the bill.

Michelle Richardson, a legislative counsel for the American Civil Liberties Union (ACLU), told The Hill that Lieberman and other co-sponsors made "substantial changes" and undertook a "Herculean effort to build privacy protections" into the bill.

Sharon Bradford Franklin, senior policy counsel at The Constitution Project, applauded the changes, saying they "go a long way toward alleviating our concerns."


"The amendments address key civil liberties concerns that have dogged the cybersecurity debate," agreed Leslie Harris, president and CEO of the Center for Democracy and Technology.

The statements mark a major shift for the privacy groups, which had urged the Senate to reject the previous version of Lieberman's bill to prevent an erosion of civil liberties. 

Supporters of Lieberman's bill, including Sens. Susan CollinsSusan Margaret CollinsOn The Money: Senate Dems to introduce resolution blocking Trump emergency declaration | Banks made billion in extra profits thanks to GOP tax law | IRS analyst charged with leaking Cohen's financial records Senate Dems to introduce resolution blocking Trump's emergency declaration The Hill's Morning Report - What to watch for as Mueller’s probe winds down MORE (R-Maine), Dianne FeinsteinDianne Emiel FeinsteinFeinstein says she thinks Biden will run after meeting with him Trump judicial nominee Neomi Rao seeks to clarify past remarks on date rape Bottom Line MORE (D-Calif.) and Jay RockefellerJohn (Jay) Davison RockefellerSenate GOP rejects Trump’s call to go big on gun legislation Overnight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term MORE (D-W.Va.), conducted months of negotiations behind closed doors with the privacy groups to develop the revised proposal.

Sens. Al FrankenAlan (Al) Stuart FrankenVirginia can be better than this Harris off to best start among Dems in race, say strategists, donors Virginia scandals pit Democrats against themselves and their message MORE (D-Minn.), Dick DurbinRichard (Dick) Joseph DurbinOvernight Energy: Trump ends talks with California on car emissions | Dems face tough vote on Green New Deal | Climate PAC backing Inslee in possible 2020 run Dems face tough vote on Green New Deal Durbin: Trump pressuring acting AG in Cohen probe is 'no surprise' MORE (D-Ill.) and Ron WydenRonald (Ron) Lee WydenOvernight Health Care — Presented by National Taxpayers Union — Top Dems call for end to Medicaid work rules | Chamber launching ad blitz against Trump drug plan | Google offers help to dispose of opioids Top Dems call for end to Medicaid work rules after 18,000 lose coverage in Arkansas Overnight Health Care — Presented by National Taxpayers Union — Drug pricing fight centers on insulin | Florida governor working with Trump to import cheaper drugs | Dems blast proposed ObamaCare changes MORE (D-Ore.) also pushed for tougher privacy protections.

Like the controversial Cyber Intelligence Sharing and Protection Act (CISPA) that passed the House in April, Lieberman's Cybersecurity Act would encourage companies to share information about cyber threats with the government. 

The privacy groups fought fiercely against CISPA, saying it would lead private companies to hand over their customers' personal information to military spy agencies. 

President Obama also threatened to veto CISPA over privacy and civil liberty concerns.

The revised Lieberman bill narrows the definition of what can be shared and requires that any information shared with the government must go to civilian, not military, agencies. The privacy groups argue that the legislation should not empower the CIA and the National Security Agency (NSA) to collect Americans' personal computer information.

The bill also dictates that the information can only be used for addressing cybersecurity threats and not other purposes, such as national security or criminal investigations. 

"We have worked very closely with Senate colleagues, privacy groups and industry to strengthen the bill's privacy protections without undermining the fundamental goal of improving information cybersecurity sharing," Feinstein said in a statement. "I believe the bill is stronger as a result of these changes."

But the privacy groups stopped short of a full-throated endorsement of the bill. The ACLU's Richardson said "not all of the problems with the Cybersecurity Act are solved yet," and Gregory Nojeim, a director for the Center for Democracy and Technology, said "more work needs to be done on the Senate floor to secure CDT’s support for this legislation." 

The groups' statement, however, focused on urging lawmakers not to water down the protections that are already in place.

But appeasing the privacy groups may have moved the bill's supporters farther away from winning over business groups.

One industry official argued that companies should not be restricted from sharing information with military agencies.

"Sometimes it is appropriate for us to talk directly with [the Defense Department] or NSA," the official said.