Cybersecurity Info Sharing Bills Seen Likely To Pass House, but Potential for Contentious Debate Remains
Prospects remain good for two cybersecurity information sharing bills to pass the House later this week, but there’s still potential for a contentious debate over privacy and liability protection aspects of the bills, industry lawyers and lobbyists told us. The House is expected to vote on the Protecting Cyber Networks Act (HR-1560) on Wednesday and the National Cybersecurity Protection Advancement Act (HR-1731) on Thursday, said the office of House Majority Leader Kevin McCarthy, R-Calif. The House Intelligence Committee-passed HR-1560 focuses on private sector sharing with U.S. intelligence agencies, while the House Homeland Security Committee-passed HR-1731 would establish the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center as the main federal civilian hub for information sharing. Both bills contain liability protection for companies that participate in the sharing programs the bills would establish.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The tenor of House debate on HR-1560 and HR-1731 will depend heavily on the amendments that the House Rules Committee ultimately agrees to move for consideration on the floor, said Norma Krayem, a policy adviser at Squire Patton. “The devil’s really going to be in the details,” she said. “I would suspect there will be a fair number of amendments filed this afternoon.” Some of the amendments will likely reflect efforts to reach a compromise on concerns about privacy and civil liberties protections in HR-1560 and the liability protections included in both bills, said an industry lobbyist who has been working on behalf of the bills. There has been a “tremendous amount of work behind the scenes” to address those concerns, Krayem said. “That’s been going on furiously since House Homeland Security finished” its markup on HR-1731 April 14, she said. House Rules had received 24 amendments to HR-1560 and 38 amendments to HR-1731, a committee aide said. House Rules is set to meet at 5 p.m. Tuesday in room H-313 at the Capitol to consider the amendments.
“I’m hopeful there will be amendments” to HR-1560 and HR-1731 that enhance privacy and civil liberties protections in the bills, though HR-1560 “would require some significant work to deal” with privacy advocates’ concerns with the bill, said Gabe Rottman, legislative counsel for the American Civil Liberties Union's Washington Legislative Office. The ACLU and many other privacy groups have said HR-1560 and its Senate equivalent, the Cybersecurity Information Sharing Act (S-754), are improvements over previous versions of S-754 and the controversial Cyber Intelligence Sharing and Protection Act but still don’t go far enough. Rottman said he believes that HR-1560 and S-754 still don’t provide sufficiently strict restrictions on how the government can use cyber threat information shared by the private sector, exposing a potential for the information to reach the NSA.
It’s unclear how much privacy groups’ opposition to HR-1560 will “manifest itself” in terms of actual votes cast against the bill, said Patrick Eddington, Cato Institute policy analyst. Cato opposes HR-1560 and HR-1731, which Eddington described as “bills in search of a problem” because they would create additional federal oversight on cybersecurity that Cato believes is unnecessary. “Nobody has a good whip count right now,” Eddington said. “Once these bills start to move” the level of support and opposition to the bills will become clearer. Rottman said he believes there’s significant potential for members of Congress to “split their votes” by voting against HR-1560 and for HR-1731. The ACLU believes HR-1731 is a “significant improvement” over HR-1560 in terms of privacy protections, Rottman said.
House leaders have “raised expectations” for passage of HR-1560 and HR-1731 by scheduling votes on the bills during a “cyber week” that also contains four separate House committee and subcommittee hearings on cybersecurity issues, said former FCC Public Safety Bureau Chief Jamie Barnett, a cybersecurity and telecom lawyer at Venable. “There’s certainly optimism in the air” about prospects for House passage of the bills, though “we’ve seen these things derailed before when there was some expectations that they would pass,” he said. House leaders’ push to bring HR-1560 and HR-1731 to a vote also reflects their desire to deal with the bills before they get tangled with the upcoming fight over reauthorization of the controversial USA Patriot Act Section 215, which authorized controversial NSA bulk collection of phone metadata, Barnett said. “I also think that Congress doesn’t want another major attack to occur without them taking some action” on cybersecurity legislation, he said.
If the House passes HR-1560 and HR-1731, it’s generally expected that the House will “marry” portions of the two bills into unified legislation that it will send to the Senate, Krayem said. The Senate is also trying to move on S-754, but leaders haven’t set a date for a floor vote. The bill is a priority for Senate Majority Leader Mitch McConnell, R-Ky., but is unlikely to supersede ongoing budgetary and foreign policy legislation, said an industry lobbyist who supports the bill. How the Senate treats the House bill in relation to S-754 will be “critically important for the interaction between DHS and intelligence agencies” in terms of information sharing, Krayem said. The fortunes of HR-1560, HR-1731 and S-754 will also depend on how leaders situate those bills in relation to data breach notification legislation, Krayem said. House Commerce Committee Chairman Fred Upton, R-Mich., has pushed for the House Commerce-passed Data Security and Breach Notification Act (HR-1770) to be combined into a final bill that also contains provisions of HR-1560 and HR-1731, prompting concerns from committee Democrats (see 1504150038).