Speeches and Floor Statements
Van Hollen Statement on H.R. 3523, the Cyber Intelligence Sharing and Protection Act
I commend Chairman Rogers and Ranking Member Ruppersberger for working closely together on H.R. 3523, the Cyber Intelligence Sharing and Protection Act. I regret that I cannot support the bill in its current form, but look forward to working with them and the Senate to develop an effective response to this pressing issue.
Cyber attacks around the world are frequent and growing and take many forms. Military installations alone are not the sole targets. In November, a U.S. intelligence report to Congress warned that China and Russia are using cyber espionage to steal U.S. technology secrets to bolster their own economic development.
Furthermore, according to U.S. Cyber Command, $300 billion of trade secrets are stolen every year as a result of cyber-related crime. Recently, the external website of the New York Stock Exchange was disrupted in an apparent cyber attack.
The frequency and sophistication of these attacks warrant an equally strong and sophisticated cybersecurity response. Ensuring that the cyber infrastructure of the U.S. is protected from breach or disruption is a major priority of this Congress.
This week, we are considering a number of legislative measures designed to address these growing threats to our nation’s critical cyber infrastructure. Today we consider the Cyber Intelligence Sharing and Protection Act or CISPA. The bill authorizes the intelligence community to share cyber threat information with the private sector by encouraging companies to send malicious code that they find in their systems to the government where it can then be used by analysts to better understand the attack and develop protections.
Though I support the intent and many of the provisions of the CIPSA bill, I cannot support the bill as a whole because the measure lacks adequate protections for identifiable information about internet users.
Specifically, the bill permits the sharing of information between the public and private sectors without establishing adequate safeguards to protect the identity of the customers or internet users who are the source of that information. For example, if a company chooses to forward the suspect emails of a customer to the federal government or another company, the company is not required by law to redact any of the elements of the communication that might unnecessarily reveal private information about the customer. In addition, the bill lacks sufficient limitations on the sharing of personally identifiable information between private entities.
Further, in the event that a company misuses private personal information, the bill provides inadequate remedies. These insufficient accountability measures not only threaten the privacy of innocent internet users, they remove important incentives to improve the cybersecurity process as a whole. While I am encouraged by the addition of the successful amendments by Representatives Quayle and Mulvaney, the protections provided by these amendments alone are, to my mind, insufficient to the task of ensuring the privacy of Americans.
The amendments offered by Representatives Schiff and Schakowsky would have addressed many of my privacy and civil-liberties concerns, but unfortunately, those important amendments were rejected by the Rules Committee and the full House did not have a chance to consider them. Without the addition of similarly strong privacy protections and civil-liberty safeguards, I cannot support the bill.
I believe strongly that securing the nation’s critical cyber infrastructure against attack is of paramount importance to our national and economic security. Indeed, I think these provisions can be strengthened by adopting many of the provisions in the bipartisan Lieberman-Collins bill in the Senate. I hope that there will be agreement to adopt many of these provisions so we can pass a comprehensive cybersecurity bill on an urgent basis.