Menu
DHS warns about privacy implications of cybersecurity bill

DHS warns about privacy implications of cybersecurity bill

The bill under consideration of the Senate has been criticized by privacy groups

The U.S. Department of Homeland Security has warned about the privacy implications of a cybersecurity bill that is intended to encourage businesses to share information about cyberthreats with the government.

The DHS has also warned that the information sharing system proposed by the new bill could slow down responses in the face of a cyberthreat, if companies are allowed to share information directly with various government agencies, instead of routing it through the department.

The Cybersecurity Information Sharing Act (CISA), which would give businesses immunity from customer lawsuits when they share cyberthreat data with the government, is under consideration of the Senate.

The objection to the legislation by the DHS is likely to give a boost to critics of CISA, who are concerned that the provisions of the bill could be used by companies to hand over customers' personal data to government intelligence agencies.

The authorization in CISA to share cyberthreat data "notwithstanding any other provision of law" with any federal agency could in fact sweep away key privacy protections, including provisions in the Stored Communications Act that limit the disclosure of the content of electronic communications to the government by certain providers, wrote Alejandro N. Mayorkas, deputy secretary of the DHS in a letter to Senator Al Franken.

The letter was made public on Monday by Franken, a Democrat from Minnesota, who is opposed to the legislation.

The privacy concerns of the DHS are increased by what it describes as "the expansive definitions of cyber threat indicators and defensive measures in the bill."

Mayorkas contrasts the provisions of the bill to the cybersecurity information sharing proposal outlined by President Barack Obama in January, which called for the sharing of all cyberthreat information through the National Cybersecurity and Communications Integration Center (NCCIC), a non-law enforcement, non-intelligence center focused on network defense activities.

The DHS runs the NCCIC, which has representatives of both government agencies and the private sector involved in information sharing. "Permitting sharing directly with law enforcement and intelligence entities will be of significant concern to the privacy and civil liberties communities," Mayorkas wrote.

A provision in the bill to permit companies to mark information provided to the federal government as "proprietary" could also be too restrictive, and might be read to limit DHS's ability to share this information with other non-federal entities, according to the Mayorkas. The protections "may deprive numerous private sector entities of a valuable source of cyber threat information helpful for network defense activities," he wrote.

The distribution of cyberthreat information among multiple agencies, instead of providing it initially to one agency, will also "limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents," Mayorkas added.

The DHS letter makes it clear that if the Senate moves forward with CISA, "we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," said Franken who is the top Democratic senator on the Judiciary Subcommittee on Privacy, Technology, and the Law.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags U.S. SenatesecurityU.S. Department of Homeland Securitylegislationgovernmentprivacy

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments