By Tim Starks, CQ Staff

Long gone are the days in the debate over cybersecurity legislation when the most furious conflict was between lawmakers and privacy advocates over whether the president would get the power to shut down the entire Internet in a cyber emergency.

AT ODDS: Though Lieberman and McCain often work together, they have competing cybersecurity bills. (BILL CLARK / CQ ROLL CALL)

Now, none of the most prominent cybersecurity bills contain anything even resembling the much-maligned “kill switch,” and the debate has shifted to whether new security regulations are needed to protect the most vital privately owned digital infrastructure from hackers, spies and criminals.

But privacy and civil liberties groups remain unhappy with the competing cybersecurity bills and how they promote sharing threat information between the government and private companies. The proposals, says Michelle Richardson, legislative counsel for the American Civil Liberties Union, range from “slightly bad” to “horribly bad.”

And the removal of any legislative language dealing with executive branch powers during a cyber emergency hasn’t changed the overall trend, says Lee Tien, senior staff attorney at the Electronic Frontier Foundation. “The trend is basically that they don’t do very much to address privacy and civil liberties,” Tien says.

While the debate’s shift from the kill switch to regulatory policy removed a big bone of contention for privacy groups, it introduced a new one. Business groups pushed back against new regulations, instead calling for a different way to address threats to computer networks: sharing information about those threats.

The provisions aimed at fostering that sharing are worrying privacy advocates, too. Richardson says the ACLU’s concerns revolve around what kind of information is shared, and with whom. In the Senate, she says, the bill that best addresses those issues is sponsored by Connecticut independent Joseph I. Lieberman, chairman of the Homeland Security and Governmental Affairs Committee, and several other top lawmakers. In the House, she says, the best bill is sponsored by Dan Lungren, a California Republican.

Those bills contain stronger requirements that businesses change data about individuals to make them anonymous before sending them to the government, Richardson says. They also use a civilian department, Homeland Security, as the hub of information sharing.

Two other proposals that deal heavily with information sharing — one from House Select Intelligence Chairman Mike Rogers, a Michigan Republican, and another from the top Republican on the Senate Armed Services Committee, John McCain of Arizona — are unpopular with privacy advocates.

Richardson says those bills have fewer requirements for making data anonymous and that the Rogers bill doesn’t define what kind of information businesses could share with the government. The McCain bill relies on components of the Defense Department, such as the National Security Agency and U.S. Cyber Command, as information-sharing hubs, while the Rogers bill doesn’t specify which federal agency would be in charge.

Another organization, the Constitution Project, also has concerns about how each bill governs what information businesses could share, as well as how that information could be used. The Rogers bill is the “scariest,” says Sharon Bradford Franklin, senior counsel with the group, while the Lieberman bill is more promising. “It’s so hard to know because it’s such a shifting landscape with these new bills coming in,” she says.

Listening to Outsiders

Sponsors of the bills say they are paying heed to privacy and civil liberties.