Cybersecurity Act Fails in U.S. Senate (And What This Means for the Privacy-Security Debate)

Posted by · August 2, 2012 1:55 pm

The President asked. The Senate said no. Now what? After President Obama took to the op-ed pages of the Wall Street Journal two weeks ago to call on the Senate to pass the Cybersecurity Act of 2012, it seemed that the time for a rational dialogue on the nation’s digital infrastructure had finally come. However, when it came to move forward with what was becoming an increasingly tolerable bill, the U.S. Senate responded to a call for a final decision by falling just eight votes short of the 60 needed to move the process forward.

The Senate’s 52-46 final tally, cast largely along party lines, effectively delivered a fatal blow to any hope of seeing the bill makes its way out of the legislature and onto the President’s desk.

Responding to the Senate vote, the White House made the following statement:

Despite the President’s repeated calls for Congress to act on this legislation, and despite pleas from numerous senior national security officials from this Administration and the Bush Administration, the politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented Congress from passing legislation to better our nation from potentially catastrophic cyber-attacks.

. . .

[O]pposition to this vial national security bill, coupled with the deeply-flawed House information sharing bill that threatens personal privacy while doing nothing to protect the nation’s critical infrastructure, is a profound disappointment.

Echoing the sentiment of the executive branch, Senator Joe Lieberman, one of the sponsors of the Cybersecurity Act, lamented, “This is one of those days that I fear for my country and I’m not proud of the United States Senate.” The senator went on to suggest that the failure of Congress to address the bill’s central concerns would amount to a “colossal abdication” of the legislature’s responsibility.

The Implications of a Failed Cybersecurity Bill

As we attempt to sift through the partisan banter that serves to remind us we’re in election season—regardless of the bill at issue—it might seem difficult to separate fact from hyperbole. However, given the public’s relative familiarity with this particular debate and the long debate that’s been taking place since last year over the country’s cybersecurity vulnerabilities, there are a few conclusions that can be drawn without venturing into the political crossfire.

Personal Privacy Is Paramount

With the defeat of SOPA, PIPA, CISPA, and now, the Cybersecurity Act (CISPA’s sister legislation) behind us, one theme that runs consistently through each of these stories is this: The American people are fiercely defensive of their privacy rights and civil liberties. So defensive, in fact, that the public can easily be blinded to its own interests if they so much as perceive that these sacred rights are at risk.

Despite the President’s assurance that the Cybersecurity Act’s structure “protects privacy and civil liberties of the American people” and that he would “veto any bill that lacks strong privacy and civil-liberties protections,” the sordid history of this nearly year-long debate had already taken its toll. That is, election year or not, this bill was a long shot; and it failed.

As a result, a philosophical change is necessary if the safeguards on the nation’s digital infrastructure are ever going to be brought up to speed with those that have become commonplace in the protection of critical physical infrastructure.

Reacting to the bill’s defeat on Thursday, the ACLU’s Michelle Richardson made the following statement about the issue’s future:

Regardless of today’s vote, the issue of cybersecurity is far from dead. When Congress inevitably picks up this issue again, the privacy amendments in this bill should remain the vanguard of any future bills. We’ll continue to work with Congress to make sure that government’s cybersecurity efforts include privacy protections. Cybersecurity and our online privacy should not be a zero sum game.

To be sure, any successful future attempt to address the nation’s vulnerable digital infrastructure must begin and end with the preservation of these closely guarded protections.

Lengthy Bills Invite Suspicion

This bill is effectively meant to be a modernization effort, not a complete reformation of the entire regulatory system. Therefore, it begs the question: Does the bill really need to be hundreds of pages long?

Responding to an article on the Cybersecurity Act I wrote a couple weeks back, one commenter named Dan suggested, “This 211 page bill [is] about 200 pages too long. Get it down to 20 or so pages, and we can listen.” While I wouldn’t go so far as to put a specific page limit on the bill, Dan’s point is well taken. In fact, it speaks to a perception held by a significant portion of the public.

The longer the bill, the easier it is to either get caught in a perpetual cycle of criticism, or worse, lose the public’s attention altogether.

In order to avoid this pitfall, it is important that the next bill be as thorough yet concise as possible. Otherwise, as past attempts have clearly shown, privacy and civil liberties groups (EFF, ACLU, and others) will have little difficulty finding potentially harmful language to sour the public toward the bill and ensure its ultimate defeat.

Politicizing Necessary Public Policy Only Hurts Us

Perhaps the most valuable lesson to be learned from this entire debate is that name-calling (a bipartisan phenomenon), amendment-packing, and fearmongering are only useful if the intent is to create setbacks. The comparison of Republicans to “scared cats,” accusing Democrats of trying to “steamroll a bill” that’s been sitting on Capitol Hill for months now—all of it contributes to the complete stagnation of the policymaking process that is vital to addressing the needs of any changing society.

In this case, with the increased digitization of essential services including water treatment, power grids, and nuclear facilities, there is no question that such a need exists. However, it has become clear that addressing that need with meaningful policy has taken a back seat to senseless posturing and other counterproductive games that make a mockery of political process.

If ever a meaningful piece of cybersecurity legislation is to be passed into law with the public support this debate demands, the obstacles are all but clear…and easily avoidable.

For more on the Senate’s failure to pass the Cybersecurity Act…