[Congressional Record Volume 159, Number 53 (Thursday, April 18, 2013)]
[Extensions of Remarks]
[Pages E489-E490]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             CYBER INTELLIGENCE SHARING FOR PROTECTION ACT

                                 ______
                                 

                               speech of

                             HON. RUSH HOLT

                             of new jersey

                    in the house of representatives

                       Wednesday, April 17, 2013

       The House in Committee of the Whole House on the state of 
     the Union had under consideration the bill (H.R. 624) to 
     provide for the sharing of certain cyber threat intelligence 
     and cyber threat information between the intelligence 
     community and cybersecurity entities, and for other purposes:

  Mr. HOLT. Madam Chair, I rise in opposition to this bill. I believe 
my former colleagues on the House Permanent Select Committee on 
Intelligence who have brought this bill to the floor today have only 
the very best of intentions. They seek to prevent cyber attacks against 
our nation. So do I. Unfortunately, their proposed solution is a 
radical over-reach that would not stop such attacks but would open up 
the private lives and information of Americans for the government and 
business to see, at will.
  This bill contains the key phrase ``Notwithstanding any other 
provision of law . . .''. What does that mean? It means that 
notwithstanding even the limited privacy protections in the PATRIOT Act 
and the FISA Amendments Act, this bill would give businesses the 
ability to share the public's private data among themselves and the 
government by invoking

[[Page E490]]

the phrase ``cyber threat''. It means that notwithstanding the privacy 
protections in HIPAA, businesses can share personal medical information 
with each other and the government if there is a ``cyber threat''. And 
the definition of cyber threat is so nebulous, so sweeping that it can 
be invoked for almost anything that simply look unusual or is not 
immediately explainable.
  Chillingly, the bill in its current form would allow companies to 
share sensitive and personal information directly with the NSA and 
other military agencies, even if it is purely domestic, American 
information that is no way associated with foreign threats or national 
security events. CISPA would allow companies to share personally 
identifiable information without making even reasonable efforts to 
protect it. Finally, CISPA grants broad immunity for any ``decisions 
made'' based on cyber information, regardless of whether the company 
was acting recklessly or causes unintended collateral damage. This week 
the President indicated that he would veto this bill were it presented 
to him in its current form, as well he should. The better outcome would 
be for this bill to never reach his desk.
  Many competent security experts have shared their views with Congress 
that we can better protect our nation from cyber attacks without 
compromising the privacy and interests of our citizens. I regret that 
their counsel has been ignored, which is why I urge my colleagues to 
join me in rejecting this badly flawed bill.

                          ____________________