Blog

ASNE needs your urgent action on cybersecurity legislation

 
Throughout the past year, ASNE has paid close attention to and weighed in on the Cybersecurity Information Sharing Act (CISA). Previously, we have alerted you to problems of the Senate version of this bill, which was actually much more palatable than the earlier House version. 
 
Although we didn't get a FOIA exemption removed from CISA, we felt that the breadth of the exemption as a whole was minimized. That's why we are upset to note that the House and Senate intelligence committees seem to be attempting an end run around the bills already passed by the House and Senate. A conference committee led by Rep. Michael McCaul (R-Texas) is apparently considering 123-page legislation that does not seem to have been vetted by other members of Congress.
 
Throughout the past year, ASNE has paid close attention to and weighed in on the Cybersecurity Information Sharing Act (CISA). Previously, we have alerted you to problems of the Senate version of this bill, which was actually much more palatable than the earlier House version. 
 
Although we didn't get a FOIA exemption removed from CISA, we felt that the breadth of the exemption as a whole was minimized. That's why we are upset to note that the House and Senate intelligence committees seem to be attempting an end run around the bills already passed by the House and Senate. A conference committee led by Rep. Michael McCaul (R-Texas) is apparently considering 123-page legislation that does not seem to have been vetted by other members of Congress. With regard to our interests, this bill would:

  • Give greater immunity to corporations who directly share information with federal agencies and, thus, broaden the amount of information held by the government.
  • Expand (once again) the definition of "cyber threat indicator" to a breadth that might include just about anything relating to cybersecurity whether or not disclosure of that information actually constitutes a cybersecurity threat. 
  • Reduce privacy protections in a way that would allow law enforcement to obtain any information relating to "cyber threat indicators" and use that to prosecute crimes, which would likely (once again) increase the number of subpoenas issued to reporters as any disclosed information could conceivably be considered as a "cyber threat" that allows for prosecution of the source.
  • Protect from disclosure of anything relating to cyber threat indicators, which have been shared by the federal government with the states or by the state governments with federal agencies.

This is all being done behind the scenes without much public knowledge. At this point, half the battle is to simply shine light on the process by (1) covering the issue and (2) if you are comfortable, asking Rep. McCaul to respect the legislative process, personal privacy and oversight of the government and remove this proposed draft from committee consideration. The Electronic Frontier Foundation has built a
Twitter tool to allow individuals and entities to express opposition directly and publicly to this maneuver, in case you want to participate in a social media-based opposition campaign. 

Also, you can read this blog post by ASNE partner organization 
which offers more detail. Contact ASNE Legal Counsel Kevin M. Goldberg at
703-812-0462 or goldberg@fhhlaw.com for any questions. 

Archive

Contributors