By Jay Hansen
This is Senator Tom Coburn’s response to my letter I wrote him regarding CISPA and similar legislation regarding cyber security, civil liberties, and privacy on the internet.
Summary: Coburn’s letter was actually pretty well constructed. It was one of the better examples of political feedback I’ve ever gotten. He gave lots of information about Senate-equivalent legislation since CISPA is yet to reach the Senate, and shares similar concerns to my own, particularly that of the Department of Homeland Security (or other branch of the government) having such broad power over the internet, and the vague and loosely defined terminology within the bill. Currently he says he is monitoring such legislation and will keep these concerns in mind, but also personally supports “[updating] the criminal code to discourage cyber crime and to encourage information sharing about cyber threats between the government and the private sector.” While he did specify sharing information about cyber threats between the government and private sector, he did not directly address my primary concern with such legislation, which is companies having too much power to share a user’s private information without the user’s consent and with no legal liability or consequences for doing so. Still, he did more directly address my concerns with the government having such broad power, which is a good sign.
Dear Mr. Hansen,
Thank you for your message regarding the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 3523). It is good to hear from you again. I appreciate you taking the time to expound on this legislation, in addition to your concerns about the Stop Online Privacy Act (SOPA, H.R 3261) and the Protect IP Act (PIPA, S. 968), which you previously wrote me about. I am grateful to have the opportunity to elaborate on this important issue.
H.R. 3523 passed the House of Representatives on April 26, 2012 by a vote of 248 to 168. It has not yet been introduced in the Senate. It was then referred to the Senate Select Committee on Intelligence, but has not received consideration by the full Senate.
Cyber security is one of the most important national security challenges facing our nation. Every day, sensitive and secure government networks are under attack from adversary nations that wish to steal our national secrets. The National Counterintelligence Executive has testified that the theft of trade secrets from U.S. companies by foreign rivals harms U.S. private sector growth (http://1.usa.gov/K2c4bX). Cyber crime remains a growing problem.
Given these significant challenges, it is important that Congress seriously look at the problem and determine what laws and policies should be changed to strengthen our cyber security while upholding the Constitution. As you note in your message, it is important that Congress vigilantly examine, determine, and define these complex terminologies and definitions in order to comply with the Constitution. I understand you had similar concerns of this nature regarding SOPA and PIPA, and I will keep this important observation in mind.
I am currently reviewing several legislative proposals that have been offered on this matter. In the Senate, the current focus has been on S. 413, the Cybersecurity and Internet Freedom Act of 2011, which would give the Department of Homeland Security (DHS) broad power to regulate and manage cyber security for government networks and the private sector. I have concerns about whether it is appropriate to give DHS this power.
I am also reviewing other proposals that have been offered, including efforts to update the criminal code to discourage cyber crime and to encourage information sharing about cyber threats between the government and the private sector. As I review these proposals, I am committed to balancing efforts to mitigate cyber security threats with protecting and maintaining citizens’ civil liberties.
Thank you again for writing. Best wishes.
Tom A. Coburn, M.D.
United States Senator