The Homeland Security Department Issues a Big Warning About the Senate’s Cyber Bill

DHS said Monday that the Senate’s cyberinformation-sharing bill would “sweep away important privacy protections.”

The seal of the Department of Homeland Security is seen on a podium.
National Journal
Aug. 3, 2015, 9:29 a.m.

The Home­land Se­cur­ity De­part­ment said in an of­fi­cial let­ter that a cy­ber­in­form­a­tion-shar­ing bill un­der con­sid­er­a­tion in the Sen­ate would be det­ri­ment­al to Amer­ic­ans’ pri­vacy and the coun­try’s cy­ber­se­cur­ity.

The agency said a pro­vi­sion in the bill that au­thor­izes the private sec­tor to share cy­ber­threat in­form­a­tion with any fed­er­al agency would “in­crease the com­plex­ity and dif­fi­culty of a new in­form­a­tion shar­ing pro­gram” and “sweep away im­port­ant pri­vacy pro­tec­tions.”

DHS Deputy Sec­ret­ary Ale­jandro May­or­k­as, who signed the let­ter, also wrote that dis­trib­ut­ing in­form­a­tion across many agen­cies would mean the “in­ef­fi­ciency of any in­form­a­tion shar­ing pro­gram will markedly in­crease; de­vel­op­ing a single, com­pre­hens­ive pic­ture of the range of cy­ber threats faced daily will be­come more dif­fi­cult.”

The Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act passed out of the Sen­ate In­tel­li­gence Com­mit­tee nearly un­an­im­ously in March, but some law­makers have since raised ques­tions about its pri­vacy pro­tec­tions and ef­fi­ciency. Sup­port­ers on both sides of the aisle say it will fa­cil­it­ate cy­ber­threat shar­ing between the private sec­tor and the gov­ern­ment, thereby mak­ing it easi­er for both to de­tect and shut down on­line in­tru­sions.

The let­ter, a re­sponse to a re­quest for in­form­a­tion from Sen. Al Franken, was sent Fri­day and re­leased by the Min­nesota Demo­crat’s of­fice Monday. The prob­lems DHS out­lines in the let­ter mir­ror many of the con­cerns that pri­vacy ad­voc­ates and se­cur­ity ex­perts have raised about the bill, which could come up for a vote in the Sen­ate this week be­fore the cham­ber breaks for Au­gust re­cess.

In re­leas­ing the DHS let­ter, Franken said Monday that CISA is not yet ready for a vote. “The De­part­ment of Home­land Se­cur­ity’s let­ter makes it over­whelm­ingly clear that, if the Sen­ate moves for­ward with this cy­ber­se­cur­ity in­form­a­tion-shar­ing bill, we are at risk of sweep­ing away im­port­ant pri­vacy pro­tec­tions and civil liber­ties, and we would ac­tu­ally in­crease the dif­fi­culty and com­plex­ity of in­form­a­tion shar­ing, un­der­min­ing our na­tion’s cy­ber­se­cur­ity ob­ject­ives,” he said in a state­ment.

Franken, an out­spoken pri­vacy ad­voc­ate in the Sen­ate, asked DHS last month to set out any con­cerns it may have with the bill’s pri­vacy, ef­fect­ive­ness, and ef­fi­ciency. The agency iden­ti­fied a num­ber of is­sues with the bill, in­clud­ing a pro­vi­sion that would make it dif­fi­cult for the agency to an­onym­ize in­com­ing data and pre­serve Amer­ic­ans’ pri­vacy, and a worry that the sheer volume of in­form­a­tion that would be shared un­der the law would be over­power­ing.

DHS has been in­tim­ately in­volved in cy­ber­in­form­a­tion-shar­ing ever since re­cent le­gis­la­tion cre­ated the Na­tion­al Cy­ber­se­cur­ity and Com­mu­nic­a­tions In­teg­ra­tion Cen­ter cy­ber­threat clear­ing­house with­in the agency. A num­ber of fed­er­al agen­cies and over a hun­dred private-sec­tor com­pan­ies par­ti­cip­ate in DHS’s in­form­a­tion-shar­ing pro­gram.

In the re­sponse to Franken’s re­quest, DHS said a stronger in­form­a­tion-shar­ing law should pre­serve the NC­CIC as the hub for any ex­pan­ded pro­gram, rather than spread­ing cy­ber­threat in­form­a­tion out across gov­ern­ment agen­cies.

The agency also said it was con­cerned that an al­low­ance in the Sen­ate bill for com­pan­ies to mark in­form­a­tion they share with the gov­ern­ment as pro­pri­et­ary could get in the way of the pro­gram’s goals and pre­vent agen­cies from act­ing on the cy­ber­threat in­form­a­tion they re­ceive. DHS re­com­men­ded that in­form­a­tion, once an­onym­ized, no longer be re­garded as pro­pri­et­ary.

With only a week be­fore the Sen­ate ad­journs for the sum­mer, CISA is up against a tick­ing clock. Sen­at­ors are work­ing to reach an agree­ment to move for­ward with the bill early this week, but law­makers from both parties are clam­or­ing to add amend­ments to the bill.

A spokes­man for Sen­ate Ma­jor­ity Lead­er Mitch Mc­Con­nell said the sen­at­or wants to move to the cy­ber bill im­me­di­ately after a vote on de­fund­ing Planned Par­ent­hood on Monday af­ter­noon. The bill to de­fund Planned Par­ent­hood is not ex­pec­ted to pass.

If it does not get a vote this week, the bill will get shunted to the fall, where it will com­pete for sen­at­ors’ at­ten­tion with oth­er press­ing is­sues, such as fights over ap­pro­pri­ations and the debt ceil­ing.

What We're Following See More »
Mueller Agrees to Testify, but Only in Private
2 days ago
Trump Loses in Court Again
4 days ago
Trump Pulls the Plug on Infrastructure
4 days ago
Parties Go to Court Today Over Trump Banking Records
4 days ago
Tillerson Talking to House Foreign Affairs
5 days ago

"Former Secretary of State Rex Tillerson was spotted entering a congressional office building on Tuesday morning for what a committee aide told The Daily Beast was a meeting with the leaders of the House Foreign Affairs committee and relevant staff about his time working in the Trump administration. ... Tillerson’s arrival at the Capitol was handled with extreme secrecy. No media advisories or press releases were sent out announcing his appearance. And he took a little noticed route into the building in order to avoid being seen by members of the media."


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.