[Congressional Record Volume 158, Number 62 (Friday, April 27, 2012)]
[Extensions of Remarks]
[Page E693]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             CYBER INTELLIGENCE SHARING AND PROTECTION ACT

                                 ______
                                 

                               speech of

                          HON. EARL BLUMENAUER

                               of oregon

                    in the house of representatives

                        Thursday, April 26, 2012

       The House in Committee of the Whole House on the state of 
     the Union had under consideration the bill (H.R. 3523) to 
     provide for the sharing of certain cyber threat intelligence 
     and cyber threat information between the intelligence 
     community and cybersecurity entities, and for other purposes:

  Mr. BLUMENAUER. Madam Chair, security and privacy are not mutually 
exclusive. The intelligence community--within government and the 
private sector--has the tools necessary to keep us safe without 
compromising our civil liberties. Unfortunately, the bill before the 
House, H.R. 3523, the Cyber Intelligence Sharing and Protection Act 
(CISPA), treats privacy and civil liberties as obstacles to 
cybersecurity. Therefore, I oppose this legislation.
  Just as the Internet has revolutionized the way people do business, 
learn, and interact, it has also transformed the nature of the threats 
against our national security. Every day bad actors--rogue states, 
terrorist organizations, and hackers--attempt to infiltrate America's 
cyber networks. Some security experts warn that a cyber attack poses 
the greatest threat to our national security.
  The intent of CISPA is laudable. Cybersecurity experts in government 
and the private sector agree that the biggest impediments to 
strengthening cybersecurity are the obstacles preventing the sharing of 
cyber threat information. If one network is attacked, other networks 
could benefit from information pertaining to that attack. However, 
CISPA fails to adequately protect civil liberties in facilitating this 
information sharing.
  CISPA preempts all other provisions of law, including critical 
privacy laws. The bill does not define ``national security'' at all, 
leaving that to the discretion of private entities and the government. 
The definition of ``cybersecurity threat'' is too broad and could allow 
the sharing of private information that does not relate to a real 
threat. The bill also does not require that the data be scrubbed of key 
information that may identify individuals. Once this information is 
shared, it is supposed to be used only for cybersecurity or national 
security purposes. But again these terms are undefined or only 
partially defined, leaving open the potential that this information may 
be abused in a way that does not relate to a real threat.
  Strengthening America's cybersecurity is a bipartisan issue. It 
should be done in a thoughtful and deliberate manner to ensure that we 
are securing the country while still protecting our civil liberties 
guaranteed by the Constitution. Unfortunately, CISPA falls short.

                          ____________________