[Congressional Record Volume 159, Number 58 (Thursday, April 25, 2013)]
[Extensions of Remarks]
[Pages E543-E544]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             CYBER INTELLIGENCE SHARING AND PROTECTION ACT

                                 ______
                                 

                               speech of

                         HON. CHRIS VAN HOLLEN

                              of maryland

                    in the house of representatives

                       Wednesday, April 17, 2013

       The House in Committee of the Whole House on the state of 
     the Union had under consideration the bill (H.R. 624) to 
     provide for the sharing of certain cyber threat intelligence 
     and cyber threat information between the intelligence 
     community and cybersecurity entities, and for other purposes:

  Mr. VAN HOLLEN. Madam Chair, every day cyber-networks in this country 
are attacked. These attacks cause substantial disruption to our 
networks and drain billions of dollars from our economy each year. 
Today we consider a bill designed to strengthen our protections against 
cyber threats by encouraging private entities to share information and 
intelligence

[[Page E544]]

among themselves and with the government. I certainly support that 
goal. However, I cannot support this bill in its current form because I 
believe it does not sufficiently protect the privacy of Americans. 
Specifically, the bill does not include sufficient protections against 
the disclosure of sensitive personal information.
  Under the bill, companies are not required to extract personal 
information from the data they collect and share. Sharing un-scrubbed 
personal information with other companies or with government agencies 
can potentially put the civil liberties of Americans at risk if the 
data is misused or handled improperly. The bill also grants companies 
excessively broad immunities from legal responsibility for the 
disclosure or misuse of this data.
  Many of the amendments accepted on the floor this week provide 
increased protections for information once it is received by the 
government, but that is no substitute for protecting it when it is 
initially collected by companies or when they share the data with each 
other. The White House has threatened to veto this bill if these issues 
are not adequately addressed.
  I opposed this bill last year for similar reasons. I welcome the 
changes made to the bill this year to address some of those concerns. 
For example, no longer can receiving government agencies use 
information for national security purposes. Additionally, increased 
protections for personal data have been added for the information when 
it is placed in government hands. These changes improve the bill, but 
they do not go far enough to prevent the unwarranted and unnecessary 
disclosure of private information.
  I believe that the cyber threats we face in this country are real, 
present and destructive. However, I believe that we can address these 
cyber threats without opening the door to unnecessary disclosure of 
private information. The companies who collect sensitive data about 
Americans should be required to safeguard that data to the fullest 
extent of their ability. The shortcomings of this bill can be easily 
addressed and I hope the Senate will make these necessary changes. I 
look forward to supporting a future bill that achieves that goal.

                          ____________________