Cybersecurity has been on the congressional agenda for several years. In the Senate, the leading comprehensive cybersecurity package was introduced in February by Sens. Joe Lieberman, I-Conn., Susan Collins, R-Maine, and Tom Carper, D-Del. and is being reconciled with a cybersecurity bill out of the Commerce Committee.
In the House, Speaker Boehner tapped Rep. Mac Thornberry, R-Texas, to chair a cybersecurity task force consisting of Republican chairmen of key committees and subcommittees, and asked them to report in October.
In May the White House released its long-awaited cybersecurity legislative proposal, so now all of the legislative gears are turning.
There are a number of difficult issues raised by cybersecurity legislation that legislators have to work through. How much power should the government have to direct the cybersecurity responses of private networks as compared to government networks? What companies and assets should be deemed "critical infrastructure" subject to government regulation? Should the government have the power to monitor or order the shut down private networks? How can Congress best encourage information sharing between companies and the government without jeopardizing user privacy? The different proposals have drawn somewhat different lines on these difficult questions and more.
Congressional leadership wants to deal with the cybersecurity threat and both chambers have brought together members from key committees to work out differences and come up with common approaches. I am not unpacking my crystal ball, but this is one issue where Congress may find both the will and the way to get a bill to the president's desk.
6) Data Breach
This summer saw a continuing number of high-profile data breaches at major companies including Sony and Epsilon. While most states have data breach laws, current federal law requires notification of consumers in the event of a breach only in limited circumstances, such as when health information is involved. The twofold question before Congress is whether it should enact a federal data breach bill providing one national set of rules for companies that would preempt state laws and whether the federal law will provide consumers with the same high level of protection as the best state laws.
There are currently a slew of data breach bills pending in Congress, including proposals from Sen. Leahy; Rep. Rush; Rep. Mary Bono Mack, R-Calif., and Sens. Mark Pryor, D-Ark., and Jay Rockefeller, D-W.Va. All would create an overarching federal standard for data breach notification, as would a data breach provision in the White House cybersecurity bill.
Tech Agenda Has Big Footprint
Congress is only one important venue for critical technology issues. The U.S. Supreme Court this fall will hear perhaps the most important Fourth Amendment case in decades concerning whether the government can use GPS to track a person 24/7 without a warrant. Also, the FCC's net neutrality rules will take a step closer to being implemented this fall when they are published in the Federal Register, an event sure to trigger legal challenge. And the Federal Trade Commission and the Commerce Department are poised to release the final versions their respective privacy reports.
Leslie Harris is President and CEO of the Center for Democracy & Technology.