Cyber Intelligence Sharing and Protection Act
Floor Speech
The House in Committee of the Whole House on the state of the Union had under consideration the bill (H.R. 624) to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes:
Mr. VAN HOLLEN. Madam Chair, every day cyber-networks in this country are attacked. These attacks cause substantial disruption to our networks and drain billions of dollars from our economy each year. Today we consider a bill designed to strengthen our protections against cyber threats by encouraging private entities to share information and intelligence among themselves and with the government. I certainly support that goal. However, I cannot support this bill in its current form because I believe it does not sufficiently protect the privacy of Americans. Specifically, the bill does not include sufficient protections against the disclosure of sensitive personal information.
Under the bill, companies are not required to extract personal information from the data they collect and share. Sharing un-scrubbed personal information with other companies or with government agencies can potentially put the civil liberties of Americans at risk if the data is misused or handled improperly. The bill also grants companies excessively broad immunities from legal responsibility for the disclosure or misuse of this data.
Many of the amendments accepted on the floor this week provide increased protections for information once it is received by the government, but that is no substitute for protecting it when it is initially collected by companies or when they share the data with each other. The White House has threatened to veto this bill if these issues are not adequately addressed.
I opposed this bill last year for similar reasons. I welcome the changes made to the bill this year to address some of those concerns. For example, no longer can receiving government agencies use information for national security purposes. Additionally, increased protections for personal data have been added for the information when it is placed in government hands. These changes improve the bill, but they do not go far enough to prevent the unwarranted and unnecessary disclosure of private information.
I believe that the cyber threats we face in this country are real, present and destructive. However, I believe that we can address these cyber threats without opening the door to unnecessary disclosure of private information. The companies who collect sensitive data about Americans should be required to safeguard that data to the fullest extent of their ability. The shortcomings of this bill can be easily addressed and I hope the Senate will make these necessary changes. I look forward to supporting a future bill that achieves that goal.
Source