Contact Us | Members Only | Site Map

Association of Research Libraries (ARL®)

  Influencing Public Policies Contact:
Prue Adler
Privacy, Security & Civil Liberties

Cybersecurity Legislation

Share Share   Print

Cyber Security Act of 2012 and SECURE IT Act

As of mid-May 2012, the US Senate is considering two cybersecurity bills in the wake of the House of Representatives’ passage of the Cyber Intelligence Sharing and Protection Act (CISPA). ARL has joined a series bipartisan letters to the Senate expressing concerns about the Cyber Security Act of 2012 (S. 2105) and the SECURE IT Act (S. 2151), which are expected to be taken up on the floor of the Senate this spring. The core concerns with respect to the bills include:

  • Unprecedented limits to Freedom of Information Act requests prevent reasonable access to information about the operation of cybersecurity programs.

  • Key terms are poorly or broadly defined, giving service providers excessive power to monitor and control users.

  • Existing privacy laws are summarily bypassed, removing all protection for users so long as a service provider can claim that a cybersecurity threat or concern was involved.

  • Military agencies, including the National Security Agency (NSA), are given too much potential power to monitor domestic civilian communications.

  • Information collected pursuant to these cybersecurity purposes can be used for other purposes, including criminal investigations, giving a strong incentive for abuse.

For more details, see:

Cyber Intelligence Sharing and Protection Act of 2011 (CISPA)

On April 26, 2012, the US House of Representatives passed H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA). ARL joined with over 30 privacy-related organizations in a letter to Congress noting serious concerns with provisions in the legislation. The organizations stated that “this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity.”

ARL also joined with 40 members of the FOIA community in identifying significant flaws in the legislation. In that letter, the signatories stated, “in the interest of encouraging private companies to share cybersecurity threat information, the bill unwisely and unnecessarily cuts off all public access to cyber threat information before the public and Congress have the chance to understand the types of information that are withheld under the bill. Much of the sensitive information private companies are likely to share with the government is already protected from disclosure under the FOIA. Other information that may be shared could be critical for the public to ensure its safety. Any effort to expand the authority of the federal government to withhold information from the public should begin with careful consideration, including public hearings, by the House Oversight and Government Reform Committee, which has jurisdiction over FOIA.”

On April 25, the White House issued a Statement of Administration Policy on CISPA. The two-page policy statement begins:

The Administration is committed to increasing public-private sharing of information about cybersecurity threats as an essential part of comprehensive legislation to protect the Nation's vital information systems and critical infrastructure. The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation's core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form...

The statement describes flaws in the legislation and concludes, "if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill."