Revised McCain cybersecurity bill still doesn't protect privacy, say critics
An effort by eight Republicans lawmakers to reintroduce the Secure IT Act into the Senate with enhanced privacy protections hasn't satisfied critics of the cybersecurity legislation, who say the new version would still be too permissive.
Senators, including John McCain (R-Ariz.) and Kay Bailey Hutchinson (R-Texas) made public June 27 a version (.pdf) of the Secure IT Act (S. 3342), a bill previously introduced by McCain in June in competition to another cybersecurity proposal (S. 2105) backed by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine).
The newly revised McCain bill would require prior written consent from the private sector to permit the federal government to utilize information shared under a cybersecurity rubric for law enforcement purposes.
The definition of what constitutes "cyber threat information" is also somewhat tighter in the new version, although it includes a clause permitting the sharing of "any other attribute of a cybersecurity threat or cyber defense information that would foster situational awareness of the United States cybersecurity posture, if disclosure of such attribute or information is not otherwise prohibited by law."
Gregory Nojeim, senior counsel for the Center for Democracy and Technology, which has closely tracked cybersecurity legislation, said the revised Senate proposal is only a modest improvement over its previous version .
It still permits, Nojeim said, information shared for cybersecurity reasons to be used for unrelated purposes "and it permits private sector companies to share communications information directly with the [National Security Agency]," he said.
"The legislation remains a surveillance 'wolf' dressed in cybersecurity clothing," he added.