For the sake of our national and economic security, I urge the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law.The bill has been revised to address many of the concerns of civil liberties and privacy advocates, and has answered the concerns of many. In fact, the ACLU says the improvements in the bill on civil liberties are "good news." They detail those changes:
• Ensure that companies who share cybersecurity information with the government give it directly to civilian agencies, and not to military agencies like the National Security Agency. The single most important limitation on domestic cybersecurity programs is that they are civilian-run and do not turn the military loose on Americans and the internet.The legislation also makes what were mandatory standards on the relevant industries optional, but still "establishes a 'National Cybersecurity Council' to 'coordinate with owners and operators of critical infrastructure.'" Congressional Republicans were intent on not allowing the federal government to enforce any regulation on these industries to make them protect themselves. The disastrous House-passed CISPA bill included no regulation or responsibility on the part of industry, so this is a modest improvement there. It's a huge improvement over the House bill on the civil liberties front.
• Ensure that information shared under the program be “reasonably necessary” to describe a cybersecurity threat.
• Restrict the government’s use of information it receives under the cyber info sharing authority so that it can be used only for actual cybersecurity purposes and to prosecute cyber crimes, protect people from imminent threat of death or physical harm, or protect children from serious threats.
• Require annual reports from the Justice Department, Homeland Security, Defense and Intelligence Community Inspectors General that describe what information is received, who gets it, and what is done with it.
• Allow individuals to sue the government if it intentionally or willfully violates the law.
The bill is slated to come to the floor of the Senate next week, and could certainly be subject to anti-privacy amendments, but it is a definite improvement on the first iteration of the Senate bill.