Leahy: Threats To Cybersecurity Must Be Addressed

Judiciary Committee Chairman Will Continue Push For Privacy Protections In Cybersecurity Legislation

[WASHINGTON (Thursday, August 2, 2012) – Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.), a champion of protecting individual privacy and promoting American innovation, issued the following statement today after the Senate’s cybersecurity legislation was stalled on a procedural vote. Leahy had filed a number of privacy-related amendments to make further improvements to the bill, and had worked with the bill’s cosponsors to seek their inclusion in the bill, had debate moved forward.]  

Statement Of Senator Patrick Leahy (D-Vt.),
Chairman, Senate Committee On The Judiciary,

On Cloture Vote On S. 3414, the Cybersecurity Act of 2012

August 2, 2012

MR. PRESIDENT:  Today, the Senate will conclude debate on the Cybersecurity Act of 2012,

S. 3414.  Developing a comprehensive strategy for cybersecurity is one of the most pressing challenges facing our Nation.  I commend President Obama for his commitment to addressing this national security issue.  I also commend the Majority Leader and the bill’s sponsors for their work on this pressing matter. 

I share the President’s view that updates to our laws are urgently needed to keep pace with the many threats that Americans face in cyberspace.  For that reason, I will support the motion for cloture on this bill.  But, I do so with major reservations about the bill in its current form, because this legislation does not address many of the key priories that must be a part of our national strategy for cybersecurity.



A legislative response to the growing threat of cybercrime must be a part of our debate about cybersecurity.  Protecting American consumers and businesses from cybercrime and other threats in cyberspace is a top priority of the Judiciary Committee.  That is why I filed an amendment to the bill to strengthen our Nation’s cybercrime laws, which takes several important steps to combat cybercrime.  The amendment, among other things, (1) updates the federal RICO statute to add violations of the Computer Fraud and Abuse Act to the definition of racketeering activity; (2) strengthens the legal tools available to law enforcement to protect our nation’s critical infrastructure by making it a felony to damage a computer that manages or controls national defense, or other critical infrastructure information; and (3) streamlines and enhances the penalty structure under the Computer Fraud and Abuse Act.  This cybercrime amendment incorporates many of the proposals that were recommended in the cybersecurity proposal that President Obama delivered to Congress last May.  The Judiciary Committee favorably reported these proposals in September as part of my Personal Data Privacy and Security Act.  These updates to our criminal laws are urgently needed to keep pace with the cunning of cyber-thieves and the many emerging threats to American’s safety in cyberspace.  These measures must be included in any cybersecurity legislation that the Senate considers.

Digital Privacy


In the digital age, we must also update our digital privacy laws so that Americans will have better safeguards for their electronic communications.  That is why I filed an amendment to the bill that makes commonsense updates to two vital digital privacy laws that I authored several years ago -- the Video Privacy Protection Act (VPPA) and the Electronic Communications Privacy Act (ECPA).  The amendment would update the Video Privacy Protection Act to permit consumers to provide a one-time consent for video service providers to share their video viewing information with third parties via the Internet.  This update will help the VPPA keeps pace with how most Americans view and share videos today -- on the Internet -- while also requiring that video service providers provide clear and conspicuous notice that the consent to share video viewing information can be withdrawn at anytime.  The amendment also updates the Electronic Communications Privacy Act to prohibit service providers from voluntarily disclosing the contents of Americans’ emails or other electronic communications to the Government, unless the Government obtains a search warrant based on probable cause.  There are appropriate exceptions to this prohibition under current law, including when a customer provides consent or when disclosure to law enforcement is necessary to address certain criminal activity.  I am also mindful of the need to ensure that law enforcement can do their jobs effectively. The safeguards and exceptions in this provision were designed to ensure that appropriate privacy protections do not undermine the ability of law enforcement to keep us safe.

Cyber Research and Development

I also filed a bipartisan amendment to promote cyber research and development in Vermont and elsewhere across the nation.  This amendment improves section 301 of the bill by clarifying that the White House’s Office of Science and Technology Policy’s new test bed program should build upon existing work on cybersecurity test beds by the Department of Homeland Security in its Science and Technology Directorate.  The amendment also expands the proposed test beds program to include funding for the military academies and senior military colleges to participate.  Senator Hoeven joined me in proposing this improvement to the bill and we both believe that it is important for these institutions, which have such a prominent role in cultivating the next generation of security leaders, to develop tools to combat the next generation’s security threats.


Data Privacy and Security


Comprehensive cybersecurity legislation must also respond to the alarming number of data security breaches that threaten the privacy and security of American consumers and businesses today.  The troubling data breaches at Sony, Epsilon and Lockheed are recent reminders that new tools are needed to protect us from the growing threats of data breaches and identity theft.  In May 2011, the Obama administration submitted a data breach proposal that adopted the carefully balanced framework of data privacy and security legislation that I have introduced -- and that this Judiciary Committee has favorably reported -- several times.   My data breach amendment would establish a single nationwide standard for data breach notification.  My data security amendment would require that companies that maintain databases with Americans’ sensitive personal information establish and implement data privacy and security programs, so that data breaches do not occur in the first place.  I filed these amendments because Congress must address the threat of data security breaches and make these long overdue privacy protections available to American consumers and businesses.


The threats to our privacy and security in cyberspace are real and these threats will not go away simply because the Congress fails to act.  I lament the fact that a long overdue debate on cybersecurity legislation has become embroiled in a partisan stalemate.  While there are legitimate differences on how we must confront this threat, Democrats, Republicans and Independents alike are put at risk if we do not do so.  We must find a way to work together to confront this national challenge.  I hope that we will see more progress on overcoming differences on this issue in the weeks ahead.  I also hope that the sponsors of this bill will include the priorities that I have outlined as part of any future comprehensive cybersecurity bill.  Again, I commend the President and all Senators on both sides of the aisle who have worked to address this important issue.  I also thank the many privacy, civil liberties and technology organizations that have supported my amendments to this bill. 

I ask that a copy of three letters that I have received in support of several of my amendments to the bill be placed in the Record following my full remarks.

# # # # #