(MintPress) – Nearly a week ago, a GOP filibuster blocked a cybersecurity bill that would have created security standards for the computer systems that oversee the country’s most important infrastructure, such as mass transit systems and power grids. The bill has since been shelved by Congress, but President Barack Obama has insisted that America has not kept up an appropriate pace to ward off a cyber attack, and some speculation has mounted of whether he would push the legislation through with an executive order. As with Internet-related legislation proposals earlier in the year, opponents argue that the average consumer’s privacy could be compromised.
The Cybersecurity Act has been one of Obama’s sticking points as it pertains to homeland security, even expressing its urgency in a Wall Street Journal editorial warning against its failure to pass through Congress. He wrote that an attack on the systems that control banks or water systems could be devastating for Americans. In an email to reporters’ inquiries, White House press secretary Jay Carney suggested the president could take the fate of the bill into his own hands.
“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed,” Carney wrote. “Moving forward, the president is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that.”
While Internet legislation such as the Stop Online Piracy Act (SOPA), the Cyber Intelligence Sharing and Protection Act (CISPA) and the Protect IP Act (PIPA) targeted intellectual property and copyright at the turn of the year, their ultimate failure of policing the Internet has turned attention to a similar authority in a different guise.
The SECURE IT Act was introduced in March and would have required private sector Internet providers to share information with the government on anything they anticipated to be a threat. No action has been taken on the bill and it is currently stalled in committee.
Evolving threats
The recently filibustered Cybersecurity Act is seen by some as a devil in a new dress, still requiring businesses and public sectors to report anything suspicious to the government. The legislation was proposed by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), who said the failure of the bill shows that Congress is blind to the threat of cybersecurity threats that have already made their impact on the world.
“This is one of those days when I fear for our country and I’m not proud of the United States Senate,” Lieberman said following the vote. “We’ve got a crisis, and it’s one that we all acknowledge. It’s not just that there’s a theoretical or speculative threat of cyber attack against our country — it’s real.”
Gen. Keith Alexander, who heads the National Security Agency (NSA) and also the United States Cyber Command (USCC), has reported that the United States has seen a 17-fold increase in computer attacks on American infrastructure systems between 2009 and 2011. He said the U.S. has shown the capability of creating computer worms to use as cyberattacks, such as its creation of Stuxnet, which was made to take down Iran’s Uranium enrichment sites. But Alexander said that on a scale of 1-10, the U.S. is “around a 3” when it pertains to its ability to ward of a similar threat.
Also seen as a growing threat to the government is “hacktivist” group Anonymous. The organization has shown the capability to take down websites such as those belonging to the U.S. Justice Department, Universal Music and the Motion Picture Association of America (MPAA). The group has been vocal in voicing its discontent with legislation that polices the Internet, implementing a hack of the Justice Department when SOPA and PIPA were introduced.
Civil liberties implications
As it stands, two forms of the Cybersecurity Act currently exist – the original and an amended version that fixes some of the criticisms of the former. Proposed amendments to the bill include: data collected through the Cybersecurity Act could not be used to prosecute someone for an unrelated crime; ensuring data is not shared with local law enforcement agencies except in specific situations; and guaranteeing that the NSA, the entity responsible for wiretapping practices, would not be in charge of cybersecurity systems.
The Electronic Frontier Foundation (EFF), a nonprofit group that has spoken out against the Cybersecurity Act, said the amendments are a push in the right direction for cybersecurity legislation. It said past bills and the original version of the Cybersecurity Act are too vague and strip civil liberties such as free speech.
“The bills are written broadly and deliberately to permit Internet backbone providers, ISPs, carriers and online service providers like Google, Facebook and Twitter to intercept your emails and text messages, and possibly even modify, block, or filter those communications. They have this ability if it’s done with the intention of thwarting vaguely-defined ‘cybersecurity’ threats … ”
But EFF still has its gripes with the amended cybersecurity bill. The organization says the bill still allows for companies to engage in unconstitutional monitoring of user data. It urged that cybersecurity be implemented in the U.S., but said that hurrying legislation through Congress in the name of safety could undermine the rights of future Internet users.
“A company acting ‘for cybersecurity purposes’ would be able to bypass all existing statutory safeguards and pass ‘cybersecurity threat’ information to the government with no judicial oversight,” the EFF wrote. “They would be immune from both civil and criminal liability for any action, including but not limited to violating a user’s privacy, as long as they acted in ‘good faith’ and did not ‘knowingly’ and ‘intentionally’ violate your privacy.”
The American Civil Liberties Union (ACLU) has pushed back against Internet surveillance legislation since the beginning of the year. The group has continually denounced the practice of hoarding and disseminating consumer information without any oversight. The organization said rules are needed for how long the government can hold onto consumer information, who it can share it with and how it goes about obtaining the information.
“All existing privacy protections would be swept aside in the name of cybersecurity, opening up medical records, private emails, financial information – anything – to prying military eyes,” the ACLU said.