Last week Rep Ross (D,NC) introduced HR 5501, the Ransom Disclosure Act. This is very similar to S 2926 that was also introduced last week, but two significant differences exist. One of the changes made in the House bill modifies (reduces) the overly long reporting deadline that was found in the Senate bill.
Differences
In §2(b) the House version of the bill provides for a 48-hour time-limit for reporting ransom payments where the Senate version give the ransom payer 7-days to make the same notification.
In §2(g)(1) the House version of the bill give DHS 60-days to establish a web site for voluntary reporting of ransom payments by individuals. In the Senate bill, the same paragraph used a specific date (December 21st, 2021) as the deadline for establishing the same web site. The use of a date-certain as a requirement in a piece of legislation is fraught with difficulties since no one can predict when a bill will be taken up, or what obstacle will be encountered enroute to the President’s desk.
Moving Forward
Ross is not a member of the House Energy and Commerce Committee
to which this bill was assigned for consideration. As with S 2926, this means
that there is probably insufficient influence to see the bill considered in
Committee. I am not sure how the Committee would vote if the bill were
considered as there is little history of consideration of this type of cybersecurity
related bill by this Committee. Most bills of this type are referred to the
House Homeland Security Committee. The Energy and Commerce Committee might just
favorably report this bill just to keep a hand in the game.
No comments:
Post a Comment