Yesterday Sen. Burr (R,NC) introduced S 1705,
the Intelligence Authorization Act for Fiscal Year 2016. This is the Senate
version of the language that will likely be substituted in that body for the
language for HR
2596 that was recently
adopted in the House. There is only one item in the unclassified language
of this bill that comes close to addressing cybersecurity issues.
Section 603 of the bill would require electronic service
providers or remote computing service providers that obtain “actual knowledge
of any terrorist activity” {§603(a)}
including information about apparent violations of 18
USC 842(p). That section of the criminal code makes it a crime to
distribute information relating to explosives, destructive devices, and weapons
of mass destruction in “in furtherance of, an activity that constitutes a
Federal crime of violence” {§842(p)(2)(A)}.
An effort was made to ease any privacy concerns that could
arise out of this new reporting requirement by stating that nothing in the new
reporting requirement could be construed as a mandate for a covered provider to
{§603(d)}:
∙ Monitor any user, subscriber, or customer of that provider; or
∙ Monitor
the content of any communication of any person.
Moving Forward
It is not clear that the Senate Democrat’s opposition to the
FY 2016 spending bills in general (due to spending cap limits) would apply to
this bill. While the House vote on HR 2596 was not exactly resoundingly
bipartisan (247 to 148) there were a number of Democrats (31) that did vote for
the bill. Consideration of the bill could be blocked by an odd coalition of
conservative Republicans and liberal Democrats.
On the other hand, this bill does not contain the language
expanding the scope of the Cyber Threat Intelligence Integration Center to
which the President objected. That may be enough to get this bill to the floor
where it will certainly be passed after a lengthy amendment process.
Commentary
Even with the minimal limitations found in paragraph (d) the
privacy folks will certainly take objection to the §603 requirements. Making internet providers (and
that is clearly who are being addressed here) the arbiters of whether or not a
communication meets the legal requirement of intent “to use the teaching,
demonstration, or information for, or in furtherance of, an activity that
constitutes a Federal crime of violence” {§842(p)(2)(B)}.would certainly raise
concern in my mind.
For example there have been a number of occasions where I
have discussed the use of industrial chemicals as destructive devices or weapons
of mass destruction. And I have been criticized in a couple of instances for ‘making
this information available to terrorists’. Would my discussions be required to
be reported if they came to the attention of my internet provider? I’m not
really too worried in my case because of the number of government readers that
I have, if I ever really step over the line, it will be noted pretty quickly.
But how about readers that share knowledge of newly discovered techniques with
me by email?
No, I expect that this provision will see some amendments
made to it if this bill ever gets to the floor of the Senate.
Posts
No comments:
Post a Comment