Congress Pushes Bills To Promote Cybersecurity

Dec 9, 2011
Originally published on December 9, 2011 4:12 pm

Transcript

ROBERT SIEGEL, HOST:

The House of Representatives has fast-tracked legislation meant to detect and stop Internet attacks. Last week, the House Intelligence Committee approved a bill that allows companies to share information about the traffic moving across their networks - maybe too much information, according to some privacy advocates who are worried about the bill.

Here's NPR's Martin Kaste.

MARTIN KASTE, BYLINE: House Intelligence Committee Chairman Mike Rogers believes America is under attack.

MIKE ROGERS: There is a cyber war that is going on today.

KASTE: In a recent speech to lobbyists for the technology and communications industries, Rogers said Internet attacks are on the rise. Attacks that shut down websites, sabotage computer systems and, sometimes, steal valuable private information.

The answer, he said, is the Cyber Intelligence Sharing and Protection Act.

ROGERS: If we're going to win this fight, we have to have more sentries on guard and what this bill will do is leverage every private IT security operation in every company in America to be on guard.

KASTE: The bill would allow government agencies like the NSA to share classified intelligence about looming Internet threats with companies here in the U.S. Jose Nazario, manager of security research at Arbor Networks, says information like that would help IT departments.

JOSE NAZARIO: It's going to enable, I think, a more deeper understanding and a quicker understanding of how extensive and how severe the threat is and what needs to be done to stop it.

KASTE: And the bill is a two-way street. It also allows companies to give the government information about what they're seeing on their private networks.

NAZARIO: It could be attachments. It could be attack code, that kind of thing.

KASTE: In the name of cyber security, companies could voluntarily share their customers' Internet communications with the government without worrying about breaking privacy laws. That's meant to reassure the communications companies that were sued when they cooperated with the Bush administration's warrantless wire tapping program and it's alarming to Greg Nojeim, the senior counsel at the Center for Democracy and Technology.

GREGORY NOJEIM, SENIOR COUNSEL, CENTER FOR DEMOCRACY AND TECHNOLOGY: Normally, when communications are going to the government, there has to be evidence of crime or an intelligence reason for a communication to be shared. There are exceptions to that rule. What this bill does, though, is create a sort of a bulldozer exception.

KASTE: He says the bill's definition of cyber threat is too vague, vague enough that it could be used as a legal shelter for a broader surveillance program.

The ranking Democrat on the House Intelligence Committee, Dutch Ruppersberger, dismisses that possibility.

REPRESENTATIVE DUTCH RUPPERSBERGER: And we're going to make sure that the public understands and knows that this is not about listening or getting information or privacy.

KASTE: The committee has added a requirement that the inspector general of the intelligence community keep tabs on how the cyber threat information is being used. Privacy advocates say that helps, but they're still hoping for stronger privacy protections in the Senate version of the bill expected next spring.

Karen Reilly helps to run the TOR Project. That's a system that lets people around the world avoid government surveillance through a network of random Internet tunnels. She says she actually sympathizes with the legislation's stated goal.

KAREN REILLY: There is a need for experts to share information because there are vulnerabilities in the Internet as it's set up right now. However, you have to ask, is that personally identifiable information? And where does it end up?

KASTE: And it doesn't exactly build her confidence, Reilly says, when the bill's supporters invoke the threat of cyber war.

REILLY: I get nervous when somebody puts cyber in front of anything. Often, it's done to make something sound scarier than it actually is.

KASTE: Martin Kaste, NPR News. Transcript provided by NPR, Copyright NPR.