Monday, December 5, 2011

HR 3523 Amendments

The results of last week’s markup of HR 3523, the Cyber Intelligence Sharing and Protection Act of 2011 [NOTE: the GPO print is now available] were finally posted on the Intelligence Committee web site this weekend. I suppose since most of their hearings are classified they don’t get a lot of practice putting up ridiculously small amounts of information on their web page.

There were two amendments, neither of which made any substantive changes in the information shared by the government. To keep the industry happy about providing information to the government about security issues, they further restricted the use that the intelligence community can make of the information provided. And the second amendment requires yet another report to Congress about the success of this program.

Reporting Protections

The amendment from the Chairman and Ranking Member prohibits the federal government from using the information provided unless “at least one significant purpose of the use of the information is” cybersecurity or protection of the national security of the United States {§1104(c)(1)(B)}. Furthermore, the government is prohibited from even searching the information for a purpose other than those two; can’t have the government searching for how many bogus reports came from a single source now.

Such attention to paranoia is amazing. The bill already prohibited the government from using the material for regulatory purposes, releasing it under the Freedom of Information Act, sharing it with other entities without permission and prohibits courts from using it in liability cases based upon the reporting, or failing to report, cybersecurity information in ‘good faith’. This is much better treatment (from the point of view of the black-helicopter league) than the average citizen gets under the ‘See Something Say Something’ program.

Of course, since neither ‘cybersecurity’ nor ‘protection of the national security of the United States’ is defined in the bill, these provisions are practically speaking unenforceable. Oh well, at least the Congressmen can point to the words in the bill; as if any government words will make the black-helicopter crowd happy.

IG Report

The second amendment by Rep. Thompson, (R, CA) requires the Inspector General of the Intelligence Community (that would be an interesting job), to prepare a report to Congress on the use made of intelligence provided by the private sector. The wording of the amendment makes it clear that, once again, the main concern of the Committee is that the information provided by the private sector will not be misused by the Government.

While I certainly don’t want any God-Fearing American Citizen’s privacy or civil liberties being abused by the intelligence community, I am much more concerned about ensuring that the government intelligence community proactively shares threat information with the private sector. How about a report on the number of intelligence reports that get down to the potential targets so that they can properly protect themselves against cyber-attacks? That is what I would like to see tracked by the IG.

Bipartisan Support

The press release announcing the results of the mark-up of this bill notes that it was passed on a “decisive vote of 17-1”; though there is no word on how the two amendments were adopted. A 17 to 1 vote (even with two committee members not voting) can be assumed to be a show of bipartisan support for the bill and there is no reason that this bill couldn’t achieve the same sort of support on the floor.

I would not be surprised, however, if this bill gets rolled into whatever general cyber-security bill makes it to the floor of the House in January.

No comments:

/* Use this with templates/template-twocol.html */