Menu
DHS warns about privacy implications of cybersecurity bill

DHS warns about privacy implications of cybersecurity bill

The bill under consideration of the Senate has been criticized by privacy groups

The U.S. Department of Homeland Security has warned about the privacy implications of a cybersecurity bill that is intended to encourage businesses to share information about cyberthreats with the government.

The DHS has also warned that the information sharing system proposed by the new bill could slow down responses in the face of a cyberthreat, if companies are allowed to share information directly with various government agencies, instead of routing it through the department.

The Cybersecurity Information Sharing Act (CISA), which would give businesses immunity from customer lawsuits when they share cyberthreat data with the government, is under consideration of the Senate.

The objection to the legislation by the DHS is likely to give a boost to critics of CISA, who are concerned that the provisions of the bill could be used by companies to hand over customers' personal data to government intelligence agencies.

The authorization in CISA to share cyberthreat data "notwithstanding any other provision of law" with any federal agency could in fact sweep away key privacy protections, including provisions in the Stored Communications Act that limit the disclosure of the content of electronic communications to the government by certain providers, wrote Alejandro N. Mayorkas, deputy secretary of the DHS in a letter to Senator Al Franken.

The letter was made public on Monday by Franken, a Democrat from Minnesota, who is opposed to the legislation.

The privacy concerns of the DHS are increased by what it describes as "the expansive definitions of cyber threat indicators and defensive measures in the bill."

Mayorkas contrasts the provisions of the bill to the cybersecurity information sharing proposal outlined by President Barack Obama in January, which called for the sharing of all cyberthreat information through the National Cybersecurity and Communications Integration Center (NCCIC), a non-law enforcement, non-intelligence center focused on network defense activities.

The DHS runs the NCCIC, which has representatives of both government agencies and the private sector involved in information sharing. "Permitting sharing directly with law enforcement and intelligence entities will be of significant concern to the privacy and civil liberties communities," Mayorkas wrote.

A provision in the bill to permit companies to mark information provided to the federal government as "proprietary" could also be too restrictive, and might be read to limit DHS's ability to share this information with other non-federal entities, according to the Mayorkas. The protections "may deprive numerous private sector entities of a valuable source of cyber threat information helpful for network defense activities," he wrote.

The distribution of cyberthreat information among multiple agencies, instead of providing it initially to one agency, will also "limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents," Mayorkas added.

The DHS letter makes it clear that if the Senate moves forward with CISA, "we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," said Franken who is the top Democratic senator on the Judiciary Subcommittee on Privacy, Technology, and the Law.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags U.S. SenatesecurityU.S. Department of Homeland Securitylegislationgovernmentprivacy

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments