[Congressional Record (Bound Edition), Volume 161 (2015), Part 10]
[Senate]
[Pages 13513-13514]
[From the U.S. Government Publishing Office, www.gpo.gov]




                             CYBER SECURITY

  Mr. DAINES. Mr. President, as I like to say, there are only two types 
of companies: those that have been hacked and those that know they have 
been hacked. This was recently seen at JPMorgan Chase. Last summer the 
company suffered a cyber attack that involved the theft of contact 
information for about 76 million households. In the aftermath, JPMorgan 
Chase is expected to double its budget for cyber security efforts this 
year. But the case of JPMorgan is not unique nor a simply cautionary 
tale for other major companies.
  In the last few months, we have seen one of the largest cyber attacks 
on our Nation's technology infrastructure and other major cyber 
breaches affecting our financial and transportation sector. I share 
these comments in the context of having worked as an executive for a 
cloud computing company for 12 years prior to serving in the Senate. In 
the midst of these attacks, we see radical Islamic terrorists 
infiltrating American social media networks to recruit Americans to 
join them as jihadists overseas.
  We must work to address these challenges, and our response must be 
measured as well as thoughtful, not only about the immediate threats to 
our cyber infrastructure but also to the long-term effects on our 
national security and our constitutional freedoms. As we are seeing 
with the European Union, after years of debate, the EU is currently 
working on a policy to ensure their citizens are notified of cyber 
breaches within 72 hours and that victims of these attacks are notified 
without undue delay.
  This is the type of response we need in the United States, much like 
the notification reforms that I have worked for in Congress. On a near 
daily basis, we see headlines in our major newspapers that underscore 
the absolute importance of creating a concrete timeline for 
implementing timely notification standards.
  Having spent more than 12 years working on technology, I know 
firsthand the power that Big Data holds. I also understand the 
importance of setting standards and clear guidelines. As we always said 
in 28 years of business, if you aim at nothing, you will hit it. It is 
important that we not only expect more but that we also inspect. We 
want to be assured that guidelines are being followed.
  It is unacceptable that any American is left in the dark when their 
personally identifiable information or PII may have been breached. That 
is why I have been fighting to strengthen notification requirements and 
ensure that the American people know when their personal information is 
compromised. When I was running customer service operations at RightNow 
Technologies and looking out for our customers, when we had a problem, 
our policy was that we notified our customers as soon as we were aware 
of the problem. Maybe we did not always understand the magnitude at the 
time of the problem, but we believed we owed it to our customers to get 
back to them as soon as possible.
  The customers, the consumers of this country, should be served in a 
similar way. But as the Senate prepares to consider cyber security 
reforms, we also need to strike the right balance between protecting 
our cyber security infrastructure and the personal information of 
Americans, while also protecting the constitutional rights and the 
liberty of the American people. We must protect our Nation's security 
while also preserving our civil liberties.
  We must remain vigilant. We must ensure that we have robust and 
transparent debate about cyber protection and what reforms must be 
implemented to protect American civil liberties. We see some of these 
protections in the legislation I cosponsored, spearheaded by Senators 
Mike Lee and Pat Leahy. The Electronic Communications Privacy Act 
Amendments Act of 2015 modernizes our Nation's electronic privacy laws 
and brings protections against warrantless searches into harmony with 
the technological realities of the 21st century.
  The protections currently on the books may have been robust in 1986 
when the ECPA was written, but they do not adequately defend our 
citizens against the mass data storage that currently exists. Nobody in 
1986 would have ever envisioned where we are today as to the massive 
amount of data that is collected and stored today on the American 
people. This bill ensures that the Federal Government gives our law 
enforcement officials the tools they need, while ensuring that 
Montanans and the American people are not subjected to invasive and 
unwarranted searches.
  Privacy and security both matter. I believe we can find a balance 
that protects both. I urge my colleagues to join me in finding reforms 
that stop cyber criminals from infiltrating our security networks and 
also preserve the privacy and the civil liberties that Montanans and 
Americans hold dear.

                          ____________________