Congress Pushes Bills To Promote Cybersecurity

Congress isn't doing much — with the major exception of cybersecurity. Citing rare bipartisan agreement and a common sense of purpose, members of both parties are advancing bills designed to protect American businesses and government agencies from hackers and intellectual property pirates. The proposed laws allow the government to block Americans' access to certain overseas websites, as well as make it legal for Internet service providers to share with the government information about emails and other traffic traveling their networks, in the interest of detecting and stopping cyberattacks. Sponsors of the bills say they're necessary to protect the U.S. from hacker disaster. But skeptics say the fears are overblown, and the legislation could take the U.S. closer to having its own version of the Great Firewall of China.

Copyright © 2011 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

ROBERT SIEGEL, HOST:

The House of Representatives has fast-tracked legislation meant to detect and stop Internet attacks. Last week, the House Intelligence Committee approved a bill that allows companies to share information about the traffic moving across their networks - maybe too much information, according to some privacy advocates who are worried about the bill.

Here's NPR's Martin Kaste.

MARTIN KASTE, BYLINE: House Intelligence Committee Chairman Mike Rogers believes America is under attack.

MIKE ROGERS: There is a cyber war that is going on today.

KASTE: In a recent speech to lobbyists for the technology and communications industries, Rogers said Internet attacks are on the rise. Attacks that shut down websites, sabotage computer systems and, sometimes, steal valuable private information.

The answer, he said, is the Cyber Intelligence Sharing and Protection Act.

ROGERS: If we're going to win this fight, we have to have more sentries on guard and what this bill will do is leverage every private IT security operation in every company in America to be on guard.

KASTE: The bill would allow government agencies like the NSA to share classified intelligence about looming Internet threats with companies here in the U.S. Jose Nazario, manager of security research at Arbor Networks, says information like that would help IT departments.

JOSE NAZARIO: It's going to enable, I think, a more deeper understanding and a quicker understanding of how extensive and how severe the threat is and what needs to be done to stop it.

KASTE: And the bill is a two-way street. It also allows companies to give the government information about what they're seeing on their private networks.

NAZARIO: It could be attachments. It could be attack code, that kind of thing.

KASTE: In the name of cyber security, companies could voluntarily share their customers' Internet communications with the government without worrying about breaking privacy laws. That's meant to reassure the communications companies that were sued when they cooperated with the Bush administration's warrantless wire tapping program and it's alarming to Greg Nojeim, the senior counsel at the Center for Democracy and Technology.

GREGORY NOJEIM, SENIOR COUNSEL, CENTER FOR DEMOCRACY AND TECHNOLOGY: Normally, when communications are going to the government, there has to be evidence of crime or an intelligence reason for a communication to be shared. There are exceptions to that rule. What this bill does, though, is create a sort of a bulldozer exception.

KASTE: He says the bill's definition of cyber threat is too vague, vague enough that it could be used as a legal shelter for a broader surveillance program.

The ranking Democrat on the House Intelligence Committee, Dutch Ruppersberger, dismisses that possibility.

REPRESENTATIVE DUTCH RUPPERSBERGER: And we're going to make sure that the public understands and knows that this is not about listening or getting information or privacy.

KASTE: The committee has added a requirement that the inspector general of the intelligence community keep tabs on how the cyber threat information is being used. Privacy advocates say that helps, but they're still hoping for stronger privacy protections in the Senate version of the bill expected next spring.

Karen Reilly helps to run the TOR Project. That's a system that lets people around the world avoid government surveillance through a network of random Internet tunnels. She says she actually sympathizes with the legislation's stated goal.

KAREN REILLY: There is a need for experts to share information because there are vulnerabilities in the Internet as it's set up right now. However, you have to ask, is that personally identifiable information? And where does it end up?

KASTE: And it doesn't exactly build her confidence, Reilly says, when the bill's supporters invoke the threat of cyber war.

REILLY: I get nervous when somebody puts cyber in front of anything. Often, it's done to make something sound scarier than it actually is.

KASTE: Martin Kaste, NPR News.

Copyright © 2011 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

Support comes from: