Don’t look now, the US Congress, specifically Senate Republicans, are trying to sneak another Web security bill by us. The bill, known as SECURE IT (SB 3342), is the Senate’s version of the Cyber Intelligence Sharing and Protection Act (CISPA), and according to The Hill, it “would remove legal barriers that prevent companies from sharing information about cyber threats with one another and with the government.”
SECURE IT does one thing that CISPA didn’t do, though. The bill makes an active effort to appeal to the concerns of privacy advocates who feared CISPA would give the US government unfettered access to Americans’ online information. Sen. Kay Bailey Hutchison (R-Texas) said she thinks this bill has a better chance of passing both the Senate and House of Representatives because it is a “consensus bill that will significantly advance the security of our government and private sector networks.”
Hutchison also said that the bill is much more focused on cyber threats than its predecessor. Sen. John McCain (R-Ariz.) agrees with Hutchison, adding, “The key to successfully fighting this threat is not adding more bureaucrats or forcing industries to comply with government red-tape.”
But perhaps the most important aspect of SECURE IT, is that it doesn’t give the US government overwhelming authority to set any mandatory security standards for critical infrastructure systems like electrical grids or gas pipelines. Both Senate Democrats and the White House have called for these standards, but Republicans argue that they could restrict and hamper business in the private sector.
One thing remains unclear though: How exactly would SECURE IT affect everyday Americans online? Like CISPA, this bill is designed to preemptively fight and defend against cybersecurity threats. And while the bill’s backers can (and will) claim that it isn’t a threat to Americans’ privacy, there are some who don’t see it that way. Kendall Burman, senior national security fellow at the Center for Democracy & Technology, said while the bill is a modest improvement over CISPA, the backers “have left a lot of room for further improvement.”
The Electronic Privacy Information Center’s Amie Stepanovich agrees with Burman, saying, “The Secure IT Act still fails to provide meaningful transparency and accountability protections. In addition, any bill that hands over U.S. cybersecurity operations to the National Security Agency and gives broad exemptions from the Freedom of Information Act drastically limits necessary public oversight.”
Once the US Senate reconvenes after its summer break, we will know a lot more about SECURE IT as a whole, but what do you think as of now? Is this bill just a wolf in sheep’s clothing or is it truly a step in the right direction for cybersecurity?