Feinstein-Chambliss Cybersecurity Info Sharing Bill
The Chair and Vice-Chair of the Senate Select Committee on Intelligence, Senators Feinstein and Chambliss have introduced a draft cybersecurity information sharing bill. Early coverage of the bill from Inside Cybersecurity is here. My own quick analysis:
- The require
Published by The Lawfare Institute
in Cooperation With
The Chair and Vice-Chair of the Senate Select Committee on Intelligence, Senators Feinstein and Chambliss have introduced a draft cybersecurity information sharing bill. Early coverage of the bill from Inside Cybersecurity is here. My own quick analysis:
- The requirement to remove personally identifying information from shared cyber threat information is both critical to securing buy in from privacy advocates and likely a significant vulnerability that diminishes effectiveness. The caveat that the information need not be minimized if it is "directly related to a cybersecurity threat" is both sensible and a formula for disagreement.
- The direction that the shared information be used by the Federal government only for "appropriate cyber purposes" more or less hides the hard part of the question and leave much to be determined.
- The offer of liability protection to those in the private sector who share information with the government is a strong incentive. But it continues to contain the litigation bait of a "willful misconduct" exception -- which converts the liability protection into a bit of an artful pleading requirement.
- The designation of DHS as the info-sharing hub in the Federal Government is, one expects, hoped to blunt the prospect of sharing information with NSA. Implicit in the bill, however, is the reality that the information shared with DHS will also be shared with "other federal entities." I don't think that the privacy advocates will miss that implication.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
