By Elizabeth Holland
Cybersecurity is an increasingly important issue for U.S. industry, government, and the tech sector, but this week, Congress is poised to act on several proposals that could be detrimental to the privacy of library users.
On Wednesday and Thursday, the House will vote on two cybersecurity proposals, the National Cybersecurity Protection Advancement Act (H.R. 1731) and the Protecting Cyber Networks Act (PCNA) (H.R. 1560). Both bills intend to promote information sharing about cybersecurity threats among private entities and between them and the federal government: H.R. 1731 would use the Department of Homeland Security as an intermediary for sharing electronic information, giving companies protection from civil suits brought by consumers who think the information sharing violates privacy laws; H.R. 1560 would provide liability protections for companies that share that information with other companies and the government. However, in doing so, the bills increase intelligence agencies’ access to sensitive personal information without adequate legal protections and exempt from disclosure “without discretion” some information provided to the government under the Freedom of Information Act.
In a letter sent to members of the House on Tuesday, AALL joined a coalition of open government and civil liberties groups to oppose the PCNA, which would “undermine government transparency and potentially result in the bulk collection and mining of sensitive personal information by intelligence agencies that would have little to do with cybersecurity.”
H.R. 1560 and H.R. 1731 are expected to pass the House and have gained the support of the White House, though it is yet unclear if members of the Senate will support both measures. In total, five bills on information sharing in cybersecurity have been introduced in the 114th Congress. The White House has also submitted a legislative proposal and issued an executive order on the topic. While is it clear that action is necessary to enable effective information sharing to protect against cyber threats, AALL believes that Congress must take steps to protect personal privacy before enacting any cybersecurity legislation.