Cybersecurity: Legislation

Stewart Baker on Whom to Blame for the Failure of the Cybersecurity Bill

By Benjamin Wittes
Sunday, August 5, 2012, 6:59 AM

Over at the Volokh Conspiracy, Stewart Baker has this interesting piece on whom to blame for the collapse of the cybersecurity bill, which failed on a cloture vote in the Senate the other day. Baker suggests four culprits--two on the lobbying side and two on the governance side:

On the lobbying side, I’d nominate two candidates.

The US Chamber of Commerce is the Democrats’ favorite whipping boy. But in this case the Democrats are right.  The Chamber wanted this bill dead, and it rejected substantial efforts to accommodate its concerns on the part of Senators Lieberman, Collins, and Kyl – none of whom are exactly enemies of business. It simply pocketed the concessions and kept campaigning against the bill,threatening to make the issue a “key vote” and give supporters an antibusiness score on the Chamber’s scorecard.

A less obvious but equally important role was played by the privacy groups, whose contribution I’ve already described at length. The information sharing provisions in CISPA, the House bill, had support from all parts of Congress and from the Administration, but the privacy groups managed to make the provisions controversial nonetheless, trashing not just the Republican-supported CISPA but even the Obama Administration’s version of information sharing. That foreclosed any hope of reaching a compromise that would enact information sharing plus several uncontroversial provisions while stripping out the private sector standards (the Administration also rejected this half-a-loaf strategy).

Between them, business and privacy lobbyists provided the friction that made progress on the bill difficult.  Senators on both sides of the aisle were hearing from natural allies who opposed the bill.

And on the official side?

Sen. McCain played the largest role in rallying opposition to Collins-Lieberman and then was unable or unwilling to deliver a compromise when the chips were down. I’ve worked with him.  I respect him.  He’s an honest patriot.  But he miscalculated badly here.

So did the President.  Expressing disappointment, he declared that “the politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented Congress from passing legislation to better protect our nation from potentially catastrophic cyberattacks.” In fact the President probably contributed as much as Senate Republicans to collapse of the bill.  When the House was considering cybersecurity legislation, the White House it issued a veto threat against CISPA on fairly flimsy grounds – mainly its half-a-loaf nature and some remarkably trivial differences over privacy protection (e.g., CISPA relied on Inspectors General to perform privacy reviews; the White House preferred to use the Privacy and Civil Liberties Oversight Board, despite having left that board without members for nearly all of the President’s first term).