OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Providing for Consideration of H.R. 624, Cyber Intelligence Sharing and Protection Act

Floor Speech

Date: April 17, 2013
Location: Washington, DC
Issues: Technology and Communication

BREAK IN TRANSCRIPT

Mr. POLIS. Mr. Speaker, where to begin?

Let's start with process. This, as has been indicated by everyone who spoke thus far, is a critical issue for our country, getting the balance right between protecting American infrastructure and our way of life, with our civil liberties and confidence in the Internet ecosystem. And yet, this rule only allows 1 hour of debate in the House of Representatives on this bill.

I might add, the amendments that were talked about in the Rules Committee last night, the amendments that actually address some of the deficiencies which I'll be getting into about this bill, are not allowed under this rule. In fact, out of the 12 amendments allowed, two of them are actually the same. The same exact amendment allowed twice. And yet a number of other amendments are not even allowed to be debated or voted on here on the floor of the House.

I hold in my hands many, many amendments that were brought forward by Members of both parties and under this rule were prevented from being debated upon here on the floor of the House, which is why I strongly encourage my colleagues to vote ``no'' on the rule and ``no'' on the underlying bill in its present form.

There's no disagreement that cybersecurity is a very real and important issue. Threats come from criminal enterprises, they come from nation states, they come from corporations, they come from 16-year-olds. There's a variety of threats to both the public and private sector both here and abroad. The question is, What's the solution?

One of the first fallacies with the premise of this bill at the 20,000-foot level is, Who helps who? Frankly, it is the government that needs to learn and the private sector that leads the way. I've talked to a number of technology executives, having been a technology executive before I got here, and they are frequently ahead of the government. Because everyday they're fighting hacking attempts and they're on the front lines of cybersecurity.

Now it's not a doubt whether they want free help. Who wouldn't want free help? Should we in fact as taxpayers subsidize the defense of those who have not invested in their own cybersecurity? Should this be a bailout of companies with poor cybersecurity? But the truth of the matter is most of the learning that needs to occur is from the private sector to the government. And, in fact, we're taking some of those steps. The government and the NSA are using private contractors who are in the forefront of this issue every day, and that's more of the direction we need to go.

The notion that somehow the government would be of assistance to companies is laughable to many of the technology executives that I talk to; nor would they expect to call the government for help when they themselves are so far ahead. But to the extent we want to get the government involved with information and with the private sector here, we need to be very careful how this information is used, not just from a civil liberties perspective, which we'll be talking about, but because this is an economic issue; it's a confidence issue.

The Internet has been a tremendous engine of innovation and economic growth. And we should be concerned for the Internet ecosystem, concerned for the millions of jobs, concerned for the great value that's been created, the benefits to consumers across the country, the way it's touched our lives in so many ways.

What's fundamentally flawed in this approach is it trumps privacy agreements in terms of use that Internet companies enter with their users. So you could sign up for a service on the Internet, it could say explicitly we will not share this information with the government unless required by law, in terms of use--and frequently there are statements analogous to that in there--and the minute you click send and complete it, if this bill were law, the company you gave that information to could then turn around, in violation of their own terms of use, and provide all that information to the government.

The limitations on what the government would do with that information are completely inadequate. There is a section of the bill on pages 10 and 11 that deals with those limitations. First, it says that information can be used for cybersecurity purposes. Okay, that's the purpose of the bill: investigation and prosecution of cybersecurity crimes. That's okay. Then it goes far afield into pretty much everything. It talks about bodily harm, danger of death. When we look at bodily harm and bodily injury, that includes things under USC section 18, 365: cuts, abrasions, bruises, disfigurement, including mental pain.

So this is anything the government wants to use the information for. Paper that can cause paper cuts. The government can collect who's buying paper, who's buying scissors, who's playing football, who's organizing gun shows, who's a Tea Party enthusiast.

BREAK IN TRANSCRIPT

Mr. POLIS. And there are absolutely no protections with regard to what is done with that information.

There are a number of improvements that could make this bill viable, and these are not allowed under this rule. My colleague, Mr. Schiff, has put forward an amendment that would have simply required that reasonable precautions were taken to ensure privacy was protected. That would be a strong step forward. Real limitations about actually tying the use of this information to cybersecurity would be an important step forward with the bill.

What's at danger is, yes, civil liberties; but the danger is the confidence in the Internet ecosystem that has driven our economic growth over the last decade. There will be great harm if that confidence is shaken, great harm if people know that the information that they provide and sign up for can immediately be turned over to a government agency--indeed, a secretive government agency--with no recourse and completely exempt from any liability for the company that's done it.

It's been noted that this program is voluntary. It may be voluntary for the corporations. It's not voluntary for the individual. It's not voluntary for the citizens of the country who provide that information.

BREAK IN TRANSCRIPT

Mr. POLIS. Mr. Speaker, I have three documents to submit to the Record: one from former Representative Bob Barr, one Statement of Administration Policy, and a letter from several tech companies and others opposed to the bill.

I quote, in part:

Developments over the last year make CISPA's approach even more questionable than before.

Former Representative Bob Barr:

Congress must take the civil liberties threats created by this bill just as seriously as it takes the cyber threats the legislation purports to address.

Mr. Speaker, we should not hurt the Internet to save the Internet; and this bill, in its current form, leaves the language wide open with potential abuse. Again, when we talk about bodily harm, I have learned that in a California statute that includes dog bites. Essentially, anything is included in this information without limitation with regard to how the government can use it. This is a backdoor attack on the Fourth Amendment against unreasonable search and seizures.

We have criminal procedures and processes around how information can and can't be used. This is the biggest government takeover of personal information that I've seen during my time here in Congress. Again, I believe, on the balance, it harms what it purports to protect.

``Just say no'' to cybersecurity bill.

BREAK IN TRANSCRIPT


Source
arrow_upward