House Passes Cybersecurity Bill Amid Privacy Protests

The cybersecurity bill – officially the Protecting Cyber Networks Act (PCNA) – has been pushed through following a spate of targeted attacks on the retail, financial and healthcare sectors over the course of the past 12 months. Those attacks resulted in hackers obtaining tens of millions of private and confidential records, including Social Security numbers, credit card and financial details, medical information and insurance details.

On Wednesday, the Protecting Cyber Networks Act went to the vote in the House of Representatives, and the bill was passed 307-116. The main purpose of the bill is to allow a real-time threat detection system to be established in the fight against hackers, with the bill paving the way for this by allowing greater sharing of information relating to cybersecurity threats with the government departments tasked with combating those cybersecurity threats.

A Backdoor to Allow Increased Government Surveillance

The bill is certainly not without its critics. While the sharing of information between corporations and government departments should certainly help to improve the response time after an attack – which can be critical – a consequence of this is the removal of certain barriers to information sharing that exist at present, one of those barriers, as the critics point out, is the right to privacy of American citizens.

Since the bill would effectively give companies legal immunity to share data with the NSA, there is concern about exactly what data will be shared, and for what exact purposes. Many of the privacy protesters are arguing that the real purpose of the bill, or certainly a very convenient consequence of it, is that it will allow the NSA and other government agencies to increase their surveillance of U.S citizens.

Privacy proponents and civil liberties groups are united in opposition of the Protecting Cyber Networks Act. The debate has been running for some time, and according to the NY Times, it continued on the house floor as the bill went to the vote.

According to the articles, Representative Jared Polis, Democrat of Colorado, said “We’ve seen before that the federal government has a poor track record of safeguarding our information when entrusted with it,” he went on to say “The last thing we should be doing is empowering them with more information access.”

On the house floor, prior to the vote Representative Darrell Issa, Republican of California was reported to have said “Since 9/11 the government has begun to know more and more about what we are doing, where are, where we sleep, who we love,” however, he said consumers “have known less and less.”

Civil Liberties Groups Unite Over PCNA

Earlier this week, 55 civil liberties groups united and signed a letter criticizing the Act for the broad access rights that it effectively gives a host of government agencies, the letter reads “PCNA would significantly increase the National Security Agency’s (NSA’s) access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cybersecurity.”

“The revelations of the past two years concerning the intelligence community’s abuses of surveillance authorities and the scope of its collection and use of individuals’ information demonstrates the potential for government overreach, particularly when statutory language is broad or ambiguous,” the letter goes on to say that the new Act

“Fails to provide strong privacy protections or adequate clarity about what actions can be taken, what information can be shared, and how that information may be used by the government.”

It has been pointed out by privacy advocates that the legislation has been set up to protect citizens and assure their privacy will simply be bypassed by the new Act; legislation such as the Health Insurance Portability and Accountability Act, the Electronic Communications Privacy Act and the Wiretap Act.

PCNA Includes Some Privacy Protections

However, the bill was passed by a convincing majority and privacy protections were considered, and prior to the vote, Congressman Adam Schiff pointed out that, “In the process of drafting this bill, protecting privacy was at the forefront throughout, and we consulted extensively with privacy and civil liberties groups, incorporating their suggestions in many cases. This is a strong bill that protects privacy, and one that I expect will get even better as the process goes forward—we expect to see large bipartisan support on the Floor.”

While critics of the legislation argue that there are few privacy safeguards included in the Act, a number of protections have been included to afford Americans some digital privacy. When companies provide data to the government they are required to de-identify that data by removing personal identifiers. Should a company fail to do this, that data will then pass through a filter at the government end which will perform this task before that data is passed on and is viewed.

White House Gives PCNA its Backing

In spite of issuing a threat to veto the Cybersecurity Information Sharing Act (CISA) last year, the White House has publicly given PCNA its backing. The veto threat was due to privacy concerns about the Act; although it is possible that now a swathe of major breaches have been caused by hackers – Allegedly emanating from North Korea and China in many cases – many who opposed the bill appear to have changed their minds. The hacking attacks at Target, Sony Pictures, Anthem, Community Health System and Premera Heath over the past few months have clearly shown that something needs to be done about cybersecurity and fast. Whether this bill is the answer, and if it will become legislation, remains to be seen.

The Act will still need to be passed by the senate, but with current support from the White House it is looking likely that both CISA and PCNA will be passed. However, it is possible that President Obama may change his mind and veto the bill amid privacy concerns. At the present time that looks unlikely.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.