April 26, 2013
Ms. Naomi Chambers, Ms
Des Moines, Washington 98198
Dear Naomi ,
Thank you for contacting me with your thoughts about cybersecurity and the Cyber Intelligence Sharing and Protection Act (CISPA). I appreciate you taking the time to share your thoughts with me on this important issue.
There has been an increase in cyber attacks on government agencies, financial institutions, and other private industries in the United States and globally. Our current defenses are not keeping pace with the increasing amount and sophistication of attacks, and our nation is at greater risk as a result.
T he Cyber Intelligence Sharing and Protection Act (CISPA) , H.R. 624, creates a system for the government and private sector companies and organizations to share information about cyber threats. Information sharing can help the private sector better defend itself from threat and attack by enabling the government to share cyber information with companies. Additionally, this legislation also addresses legal, policy, and procedural barriers to provide companies with avenues to, at the companies' option, share important information about the cyber threats they face. This information, provided by the private sector, can help improve the government's ability to protect against cyber threats and offer better knowle dge about potential cyber risks back to private sector entities.
I was pleased to see several notable improvements in this legislation's protection of privacy and civil liberties over previous versions. The elimination of a broad provision that allowed information sharing for "national security uses" was a major step to improve privacy concerns. Now the bill only allows information sharing for more specific threats: cybersecurity, cyber crimes, protection from mortal danger or harm, and protection of minors from child pornography. CISPA also mandates the government to minimize or remove personally identifiable information obtained from the private sector, requires civilian entities within the government to receive information about cyber threats and crimes from the private sector, and adds oversight responsibilities for the Privacy and Civil Liberties Board (PCLOB).
With that said, I do have significant privacy concerns with the legislation. The bill is still in need of stronger requirements for private companies to protect personal information and privacy before cybersecurity data is shared. Along with that, I have concerns that the liability protection provided by CISPA remains too broad for action taken by private entities in response to cyber threat information.
CISPA was considered by the full House of Representatives on April 18, 2013 and passed by a vote of 288 to 127. I voted for CISPA because it offers us an important opportunity to begin to get a handle on the real and growing cybersecurity threats that face us, but the bill is not perfect.
This bill w ill go to conference with cybersecurity legislation that is eventually passed by the Senate. During that process I will continue to fight to protect personal privacy and alleviate civil liberty concerns. However, given the many intelligence briefs I have received as Member of Congress detailing previous cyber attacks and our vulnerabilities to future attacks, doing nothing to improve our defense against cyber attacks right now is unacceptable.
Thank you again for sharing your thoughts about cybersecurity and CISPA. Please do not hesitate to contact me in the future with any other concerns.
Member of Congress