DHS warns about privacy implications of cybersecurity bill

The bill under consideration of the Senate has been criticized by privacy groups

The U.S. Department of Homeland Security has warned about the privacy implications of a cybersecurity bill that is intended to encourage businesses to share information about cyberthreats with the government.

The DHS has also warned that the information sharing system proposed by the new bill could slow down responses in the face of a cyberthreat, if companies are allowed to share information directly with various government agencies, instead of routing it through the department.

The Cybersecurity Information Sharing Act (CISA), which would give businesses immunity from customer lawsuits when they share cyberthreat data with the government, is under consideration of the Senate.

The objection to the legislation by the DHS is likely to give a boost to critics of CISA, who are concerned that the provisions of the bill could be used by companies to hand over customers' personal data to government intelligence agencies.

The authorization in CISA to share cyberthreat data "notwithstanding any other provision of law" with any federal agency could in fact sweep away key privacy protections, including provisions in the Stored Communications Act that limit the disclosure of the content of electronic communications to the government by certain providers, wrote Alejandro N. Mayorkas, deputy secretary of the DHS in a letter to Senator Al Franken.

The letter was made public on Monday by Franken, a Democrat from Minnesota, who is opposed to the legislation.

The privacy concerns of the DHS are increased by what it describes as "the expansive definitions of cyber threat indicators and defensive measures in the bill."

Mayorkas contrasts the provisions of the bill to the cybersecurity information sharing proposal outlined by President Barack Obama in January, which called for the sharing of all cyberthreat information through the National Cybersecurity and Communications Integration Center (NCCIC), a non-law enforcement, non-intelligence center focused on network defense activities.

The DHS runs the NCCIC, which has representatives of both government agencies and the private sector involved in information sharing. "Permitting sharing directly with law enforcement and intelligence entities will be of significant concern to the privacy and civil liberties communities," Mayorkas wrote.

A provision in the bill to permit companies to mark information provided to the federal government as "proprietary" could also be too restrictive, and might be read to limit DHS's ability to share this information with other non-federal entities, according to the Mayorkas. The protections "may deprive numerous private sector entities of a valuable source of cyber threat information helpful for network defense activities," he wrote.

The distribution of cyberthreat information among multiple agencies, instead of providing it initially to one agency, will also "limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents," Mayorkas added.

The DHS letter makes it clear that if the Senate moves forward with CISA, "we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," said Franken who is the top Democratic senator on the Judiciary Subcommittee on Privacy, Technology, and the Law.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. SenatesecurityU.S. Department of Homeland Securitylegislationgovernmentprivacy

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Ribeiro

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?