White House Economic Council Director Jeff Zients pointed fingers at Congress on Thursday for not acting fast enough on cybersecurity legislation, in the wake of news that North Korea was behind the Sony Entertainment cyberattack.
“We’re doing what we can within the executive authorities of the President to do what we can across the federal government — both protect the federal government assets and to work with the private sector — but in order to take this to the next level we need legislation,” he said at a Politico breakfast.
The Sony hack attack has breathed new life into controversial legislation often called the “zombie bill” by opponents because of its failure to launch. The proposed cybersecurity bill is intended to help companies and the government work together to thwart hackers through increased data sharing.
Senate Intelligence Committee Chairman Dianne Feinstein, D-California, said the November attack has increased urgency for the Cybersecurity Information Sharing Act, which failed to make it to the Senate floor in July, despite winning bipartisan committee support. Feinstein, who remains the committee’s top Democrat when the new Republican majority takes control in January, plans to reintroduce the measure.
“We must pass an information sharing bill as quickly as possible next year,” she said in a statement this week.
Privacy advocates have opposed the legislation — and it’s House companion — at every turn, since it was first introduced in 2012. They argue the bill’s broad language could breach the public’s privacy and civil liberties.
“Privacy advocates will be there to steadfastly oppose any privacy and invasive information sharing bills,” said Mark Jaycox, a legislative analyst at Electronic Frontier Foundation.
Every time there is a massive public security breach, the legislation gets a new lease on life, he said, but added there are already measures in place that foster information sharing between the private sector and the government.
A recent executive order issued by President Barack Obama created a program that allows companies to voluntarily share information with the Department of Homeland Security. Once a threat is deemed critical, the information would be disseminated with member companies. But Jaycox admits the government hasn’t done a good enough job at luring companies to join the network.
Although the proposed cybersecurity bills are also voluntary for companies to participate, language has been written into the bill that shields businesses from “frivolous lawsuits” and “unnecessary bureaucratic obstacles,” according to Sen. Saxby Chambliss, of Georgia, the top-ranking Republican on the Senate Intelligence Committee, and co-author of the Senate measure.
But privacy and civil liberties groups fear the expansive immunity for corporations will discourage companies from protecting their user’s data.