New US cyber laws will hit privacy and security, says Homeland Security

When even the DHS thinks it's a bad idea then it must be time for a rethink

The US Department of Homeland Security is hardly what you'd think of as a bunch of whining lefties, but even this agency has come out against the proposed Cybersecurity Information Sharing Act.

In a letter [PDF] to Senator Al Franken (D-MN), Alejandro Mayorkas, the deputy secretary of the DHS, said that the proposed American legislation was seriously flawed and "could sweep away important privacy protections."

"Equally important, if cyber threat indicators are distributed amongst multiple agencies rather than initially provided through one entity, the complexity – for both government and businesses – and inefficiency of any information sharing program will markedly increase," he said.

It's not often you hear the DHS standing up for individual privacy rights, let alone criticizing a bill that would vastly expand the ability of federal and local law enforcement to snoop online. But there are good reasons for the DHS to send this kind of a letter.

The CISA legislation, introduced by Senator Richard Burr (R-NC) and being considered by the US Senate, would allow commercial companies to hand over private data about their customers to the government in exchange for warnings of online attacks and help mitigating cyber-assaults.

This data need not be anonymized, and companies would be offered near total immunity from lawsuits from their users for handing it over. Even finding out what had been handed over would be difficult, since the information couldn't be discovered using existing freedom of information laws.

One suspects the DHS doesn't have a problem with any of this. What worries the agency is that it would no longer be responsible for handling and disseminating this information, but instead each federal agency would be contacted directly and given whatever it wanted.

This leaves the DHS in a much weaker position. It also leaves consumers with no paper trail over what has been passed around, which is particularly worrying since the information can be used for purposes other than just protecting against online attacks.

Politics makes for strange bedfellows and the language used by the DHS indicates that the agency will fight against the bill as it currently stands – although that may change with amendments. Nevertheless, Senator Franken is taking any ally he can get at the moment to oppose the legislation.

"I think all Americans have a fundamental right to privacy – and it's especially important in light of advancing technologies that continually threaten to outpace our laws," he said.

"The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives."

The CISA legislation had been on hold until the Republicans scheduled a vote to defund Planned Parenthood. But Monday's vote on that failed and now it's likely that CISA will move into the debating chamber. ®


Biting the hand that feeds IT © 1998–2017