Security and privacy are not mutually exclusive. The intelligence community – within government and the private sector - has the tools necessary to keep us safe without compromising our civil liberties. Unfortunately, the bill before the House today, H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA), treats privacy and civil liberties as obstacles to cybersecurity. Therefore, I oppose this legislation.
Just as the Internet has revolutionized the way people do business, learn, and interact, it has also transformed the nature of the threats against our national security. Every day bad actors - rogue states, terrorist organizations, and hackers – attempt to infiltrate America’s cyber networks. Some security experts warn that a cyber attack poses the greatest threat to our national security.
The intent of CISPA is laudable. Cybersecurity experts in government and the private sector agree that the biggest impediments to strengthening cybersecurity are the obstacles preventing the sharing of cyber threat information. If one network is attacked, other networks could benefit from information pertaining to that attack. However, CISPA fails to adequately protect civil liberties in facilitating this information sharing.
CISPA preempts all other provisions of law, including critical privacy laws. The bill does not define “national security” at all, leaving that to the discretion of private entities and the government. The definition of “cybersecurity threat” is too broad and could allow the sharing of private information that does not relate to a real threat. The bill also does not require that the data is scrubbed of key information that may identify individuals.
Once this information is shared, it is supposed to be used only for cybersecurity or national security purposes. But again these terms are undefined or only partially defined, leaving open the potential that this information may be abused in a way that does not relate to a real threat.
Strengthening America’s cybersecurity is a bipartisan issue. It should be done in a thoughtful and deliberate manner to ensure that we are securing the country while still protecting our civil liberties guaranteed by the Constitution. Unfortunately, CISPA falls short.