This week, Rep. Adam Schiff (D-Burbank), a senior Member of the Intelligence Committee, will offer an amendment to address concerns raised by the Administration, civil liberties groups and Internet users with the Cyber Intelligence Sharing and Protection Act (CISPA). The House is slated to take up the bill along with a host of other cyber security bills later this week.
“Throughout the cyber security debate, my priority has been addressing the gaping holes in our cyber defenses,” Schiff said. “It is important to move forward with a cyber security bill to address information sharing, but we must make sure that it includes strong protections for the civil liberties and privacy of Americans. I appreciate the good work of the Chair and Ranking Member, and will continue to work with my colleagues on the Intelligence Committee to make improvements to the bill before it comes to the floor later this week. Along these lines, I am preparing an amendment which will address many of the concerns raised over the past month. I believe that my amendment would narrowly tailor the bill to its purpose of protecting us from attacks on our cyber infrastructure and protecting trade secrets while protecting the privacy and civil liberties of ordinary Americans.”
Schiff’s amendment would require the development of policies and procedures to minimize the impact of information sharing on privacy and civil liberties, specifically minimizing the collection of personally identifiable information. It would also narrowly define and tailor the purposes for which the government can use information obtained from private entities under the legislation, while including exceptions for information that directly relates to a crime or a specific national security threat.
The amendment would:
- Adopt privacy language requiring the development of policies and procedures to minimize the impact of information sharing on privacy and civil liberties, including by minimizing the collection of publicly identifiable information as included in Senator Feinstein’s draft. The procedures would have to be reviewed and approved by the U.S. Attorney General within one year of their development;
- Narrow the purposes for which a Federal agency may use cybersecurity information obtained under the Act. Allow for the use of cyber security information if the information discloses a specific threat to national security or is considered foreign intelligence information; and
- Use Lieberman/Collins/Feinstein definitions for Cybersecurity Threat, Cybersecurity Threat Information, and Cybersecurity Threat Intelligence, while also adopting a number of other definitions that are necessary to define those terms.