According to ‘70s hippie comics Cheech & Chong, “Everybody shares stuff, man.”
Maybe if it’s weed. But, apparently not if it’s cyber threat information.
Supposedly, creation of a federal framework for that kind of sharing among industries and government has been a priority for years for all parties involved – President Obama Congress and private sector enterprises that are under constant, ever-more-sophisticated attacks.
But after years of proposals, there are still no results. And if privacy and civil liberties advocates prevail in the current dustup, there won’t be any results this year either.
The latest effort – several bills on both the House and Senate side – have had varied success. Two House bills – the Protecting Cyber Networks Act, or PCNA (H.R. 1560) and the National Cybersecurity Protection Advancement Act of 2015, or NCPAA (H.R. 1731) – easily passed and were combined into one labeled H.R. 1560.
A Senate bill, the Cyber Information Sharing Act (S. 754), proposed as an amendment to the National Defense Authorization Act, got the declared support of the White House earlier this month.
But it faces withering opposition from privacy and civil liberties organizations, and even from the federal government’s own Department of Homeland Security which, in a letter to Sen. Al Franken (D-Minn.), warned that the sharing provisions of the bill, “could sweep away important privacy protections, particularly the provisions in the Stored Communications Act limiting the disclosure of the content of electronic communications to the government by certain providers.”
The private sector opponents of the bill were much more broad and blunt in their criticism. In a letter to the president dated July 27, 40 organizations and 31 individuals urged him to veto the bill, contending that it violated the administration’s own stated priorities to, “preserve Americans’ privacy, data confidentiality, and civil liberties and recognize the civilian nature of cyberspace.”
Robyn Green, policy counsel at New America's Open Technology Institute –one of the signatories – said that CISA, “completely fails to address the president's stated priorities for information sharing legislation … it's a train wreck for privacy and security, and Congress simply needs to go back to the drawing board."
Lee Tien, senior staff attorney and Adams Chair for Internet Rights at the Electronic Frontier Foundation (which also signed the letter), said that the word “sharing” is, “such a euphemism. The bills are about monitoring other people’s communications and sending those communications or information from or about those communications to the U.S. government. Surveillance, in other words.”
The Senate is in recess this month, and the staff of Sen. Richard Burr (R-NC), chairman of the Senate Intelligence Committee and sponsor of CISA, did not respond to a request for comment. But Sen. Dianne Feinstein (D-Calif.), vice-chair of the committee, noted in March that the bill had been reported out of the committee on a 14-1 vote. And she complained that opponents were spreading “misinformation” about it.
Sign up for CIO Asia eNewsletters.