For the first time in at least four years, lawmakers and lobbyists aren’t sweating over the fate of a major cybersecurity bill as Congress heads into a critical summer work period. Yet some advocates are looking for signs of legislative life on two cybersecurity-related issues.
But supporters of long-stalled data-breach notification legislation and law enforcement access to encrypted communications, two issues stuck in the legislative chute, may not have much luck.
Congress returns on Monday for what many see as the last significant legislative stretch prior to the November elections. Lawmakers will adjourn in mid-July for the national political conventions and the August recess, and will be in session for only a few weeks in September.
That means the next six weeks are probably make-or-break for various legislative priorities.
Legislation to create a uniform national standard for notifying consumers of data breaches affecting their credit cards, medical records and other aspects of digital life has been pending for several years, unable to escape jurisdictional divisions in Congress and policy conflicts between the financial and retail sectors.
Although both industries, and probably a large majority of lawmakers, see a national standard as preferable to the current patchwork of state laws, the issue remains hopelessly bogged down.
“I get the sense that congressional leadership has set this issue aside for now with expectation that they’ll try again next year,” said one attorney who closely follows data-breach policy issues. “Frankly, the issues are resolvable. [But] this is an issue where it is possible for everyone to walk away better off than they are without a bill.”
The issue has gained no traction in the Senate, while rival bills have passed the House Financial Services and Energy and Commerce committees. The banking sector has lined up behind one, and retailers support the other.
The House Republican leadership has encouraged the two industries to work out a compromise, but lobbyists and Hill sources say such talks are very low-key and at a preliminary stage.
“I think the House would be interested in getting some marker out for the next Congress if they can get enough industry support,” said another industry source. “I think that’s all it would be though. I cannot see committee action on a bill this Congress.”
House leaders clearly aren’t interested in investing their own political capital in forcing a compromise.
Two rival approaches also have emerged on the issue of strong encryption, which was thrust into the spotlight by terrorist attacks in Paris and San Bernardino, Calif.
Senate Intelligence Chairman Richard Burr, R-N.C., and Ranking Member Dianne Feinstein, D-Calif., want tech companies to retain the ability to access encrypted communications on their devices, such as iPhones.
That proposal is strongly opposed by the tech community and civil libertarians, and the committee has yet to advance the proposal. Committee sources said it’s still unclear whether they will try to do so over the next six weeks.
House Intelligence Chairman Devin Nunes, R-Calif., has been cool to the Senate Intelligence Committee’s approach.
The other bill to watch is a proposal by House Homeland Security Chairman Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., to create a national commission that would examine issues around strong encryption.
Supporters are hoping both the House and Senate homeland security panels will move the legislation this summer, though nothing is scheduled yet.
And after that, it will probably be a long wait until a lame-duck session before there’s any chance of the legislation reaching the floor.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.