Concerned about your safety online? The Obama administration has introduced a new set of rules aimed at boosting Internet security. The proposal got its first public hearing Tuesday before the Senate Judiciary Committee, where a privacy-minded Congressman and administration bureaucrats argued for the proposal.
No one at the hearing raised concerns, levied by some cybersecurity experts, about possible problems with the proposal, including that the federal proposal might limit some tougher state laws already in effect. Instead, the committee focused on the need to do something at the federal level to combat cyber attacks.
“I think this is probably the greatest challenge facing our country today,” Sen. Patrick Leahy (D-VT), chair of the Judiciary Committee, said during the hearing. “What happens if one of these cyber terrorists closes down one of our power grids? I mean these are major concerns.”
[Related Article: Obama Proposes New Rule for Data Breaches]
Under the administration’s proposal, cyber attacks would become crimes under the Racketeering Influenced and Corrupt Organizations (RICO) Act, synchronizing prosecution of computer charges with other types of crime and giving convicted criminals longer prison sentences than are common under existing federal law.
The proposal also would create a federal system for companies to notify consumers when their personal information has been stolen by hackers. Some security experts have criticized this part of the proposed legislation, saying it is significantly weaker than breach notification laws in many states because of its limited definition of personally identifiable information, and the fact that it doesn’t apply to paper documents.
“The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches,” Eduard Goodman, chief privacy officer at Credit.com’s sister company, identitytheft911.com, wrote in a recent editorial.
[Related Article: 5 Reasons Why Obama’s Breach Notification Policy Makes Me Grumpy]
The White House did not return a call or an email seeking comment.
One speaker at Tuesday’s hearing did reference this concern, if obliquely. Congressman Jim Langevin (D-RI) said he supports the Obama administration’s proposal to move from a state-by-state breach notification system to a federal one, but cautioned, “we must also take care to implement the most effective—not the lowest—standard for reporting.”
Other administration officials touted the framework, saying it balances consumers’ need for privacy with the needs of private business to avoid unnecessary government intrusion.
“One important theme of the proposal is accountability through disclosure,” said Ari Schwartz, an internet policy advisor for the Commerce Department. “The administration is promoting private sector expertise and innovation over top-down government regulation.”
Image: José Goulão, via Flickr.com