Analysis: Cyber bills must ensure ‘sanitized’ info sharing

Sharon Bradford Franklin, senior counsel, Constitution Project

wfedstaff |

As Congress prepares to take up cybersecurity legislation as early as this week, one privacy advocate group is calling on lawmakers to include strong privacy protections into any bill it considers.

Specifically, the think tank has raised concerns about Einstein, the software the Homeland Security Department uses to monitor intrusions to federal computer networks.

“As the nation harnesses the power of computer networks to create and share knowledge … it is also developing new vulnerabilities to those who would steal, corrupt, harm, or destroy public and private assets that are vital to our national interests,” according to Jan. 27 report by the Constitution Project.

The Constitution Project argues Einstein raises concerns of infringements to the Fourth Amendment, barring unreasonable searches and seizures — particularly as agencies increase public-private partnerships to guard against cyber threats.

The organization has made recommendations in three categories for future cyber legislation, as outlined by Sharon Bradford Franklin, senior counsel of the Constitution Project:

  • Ensure effective oversight, through congressional and inspector general reviews.
  • Include privacy safeguards that limit the private personal information shared within government.
  • Limit the scope of government access and use of content from private communications.

The congressional proposals are aimed at giving the federal government a role in protecting private networks, Franklin said in an interview with The Federal Drive with Tom Temin.

“A lot of these bills contemplate information sharing programs, where private companies would share cybersecurity information with the federal government,” she said. “We want to make sure personally identifiable information is sanitized out of that sharing unless that is absolutely necessary for the cybersecurity purpose.”

In other words, the goal is to prevent a “permanent government wiretap on all of our communications,” Franklin said.

The Senate is expected to take up cyber bills later this week, Franklin said. She said the Constitution Project is “cautiously optimistic” about these measures. Meanwhile, the House has two lead bills — H.R.3523 and H.R.3674 — neither of which have as strong privacy controls as the Senate proposals, Franklin said.


US cybersecurity efforts trigger privacy concerns

Agency cyber shortfalls not just a problem of funding

More cybersecurity stories