Cyber Security Act of 2012: Sound and Fury?

By | August 01, 2012

Posted in: Network Security Trends

So, at the same time Congress grinds its way to a Cyber Security Act that was designed to please everyone and satisfies no one, no one is quite satisfied and the amendments are flying thick and fast. As one witnesses the flurry of last-minute amendments, one has to wonder why all the fuss?

The Cyber Security Act of 2012 is still undergoing a bunch of amendments as Congress finally tries to pass something before it adjourns in August. It is worth noting that it has passed nothing up till now, not even being able to agree on national data breach notification. The sponsors satisfied the Republicans by taking the mandates out of the impositions on critical infrastructure, and satisfied the civil libertarians objections to the ill-conceived CISPA bill, which was shelved in January after President Obama threatened to veto it.

Nonetheless, Democrats concerned about civil liberties in particular are pounding the act with amendments. Sen. Ron Wyden (D-Ore.) in the first of three amendments, is to require the government to get a probable cause order to get geolocation data and make it a crime to track someone online. He also wants to limit government access to data stored in the cloud and limit sharing that information with the government. The second would prohibit the government from accessing private data held by the government simply because it provides information to the government as well. The third keeps requires the President to get congressional approval before signing any international cyber treaties.

Sen. Al Franken (D-Minn) would delete those portions of the act that allows ISPs to monitor customers behaviors and take action without government oversight.

Finally, Sen. Patrick Leahy (D-Vt.) issued a spate of amendments including making it a crime for companies to hide data breaches (they can’t really, anyway), and establish national data breach notification standards. Good idea that, but so far, years in the making without results. The crazy quilt of state laws seems to work as the national government spins its wheels.

What’s the upshot of all this? The main point of the law, which is getting lost in the last-minute rush of amendments, is to strengthen cyber security. It’s a mess. The main problem with the amendments is that while the Democrats and Republicans desperately want to pass something, it cannot and should not be done in a rush. The amendments will tie it up, if not in the Senate then surely in the House, where it faces an uncertain future under the best of circumstances. There’s a reason that no action has been taken for years and years. Separate the issues and address it all in separate pieces of legislation. This is getting us nowhere.

UPDATE:

As predicted, the Cyber Security Act of 2012. Republicans blocked it. The Civil Liberties Union exuded a sigh of relief, and President Obama says that the best efforts of the bill's sponsors just were not good enough.

You May Also Be Interested In: