Rogers-Ruppersberger Manager's Amendment
The Rogers-Ruppersberger bill will come to the floor the week of April 23. It's information sharing provisions are likely to be the crux of the debate on the House side. Today, the Manager's filed a draft amendment in the nature of a substitute. Major differences:
- Throughout the bill the concept of private sector entity is expanded to include "utilities" which, after all, may be public sector entities but which ought to be within the ambit of the bill;
Published by The Lawfare Institute
in Cooperation With
The Rogers-Ruppersberger bill will come to the floor the week of April 23. It's information sharing provisions are likely to be the crux of the debate on the House side. Today, the Manager's filed a draft amendment in the nature of a substitute. Major differences:
- Throughout the bill the concept of private sector entity is expanded to include "utilities" which, after all, may be public sector entities but which ought to be within the ambit of the bill;
- The earlier version of the bill had allowed sharing of cyber threat information with anyone in the Federal government. The new version requires that Federal recipients include DHS in the loop;
- The blanket immunity from liability provided for in earlier drafts is narrowed somewhat to not protect against liability for willful misconduct;
- The purpose rules are modified so that a cyber security purpose or national security purpose must be a "significant" purpose of the sharing (a change that will remind many readers of the debate over other intelligence sharing rules);
- Government use is further limited by anti-tasking rules that prohibit the government from asking for information from the private sector affirmatively -- only voluntary sharing is permitted;
- A right of action against the government for damages from intentionally or willful violations of the limitations is added; and
- Since the Privacy and Civil Liberties Oversight Board is not yet active a report from the ODNI Inspector General on privacy implications is required instead.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.