Blumenthal and Bono Mack Discuss Privacy, Cybersecurity Legislation

Last Thursday morning, Politico Pro presented a briefing focused on cyberprivacy and cybersecurity. Participating in the discussion were Sen. Richard Blumenthal (D-CT), Rep. Mary Bono Mack (R-CA), Dr. Thomas M. Lenard (President and Senior Fellow at the Technology Policy Institute), and Tim Sparanpani (Principal at SPQR Strategies, PLLC).

The briefing began with a discussion of the pending Cyber Intelligence and Sharing Act (CISPA). This pending legislation would increase the ability of the government and private sector to share cyber threat information. While both Sen. Blumenthal and Rep. Bono Mack agreed that the cyber threat is significant and real, they disagreed about provisions of CIPSA. While Bono Mack supports the bill in its current form, Blumenthal believes that the bill needs greater privacy protections and should include a private right of action. Blumenthal also broached the idea of creating a new cybersecurity agency to protect the country against cyber attacks. Bono Mack responded that creating a new agency would not be a panacea, and that the best solution is to empower the private sector to find solutions.

Blumenthal and Bono Mack also expressed differing opinions about privacy legislation. Blumenthal voiced his support for baseline privacy legislation. He said that people understand privacy, and they should have knowledge of data practices and the option to give consent to data collection. Bono Mack, on the other hand, said people frequently choose convenience over privacy, and there should be more Congressional hearings on privacy. Her first choice, she said, was for industry self-regulation; only if this failed, should Congress pass privacy legislation. Tim Sparanpani meanwhile voiced optimism that app developers are taking privacy seriously. He also noted the importance of data minimization and warned against legislation that would inhibit the ability of the private sector to develop new, innovative products and solutions.

One area where Blumenthal and Bono Mack did agree was on data breach legislation. They both voiced their support for data breach legislation, and such legislation has strong bipartisan support.

Overall, the participants were in broad agreement about what needs to be done; all agreed that privacy is very important, and the U.S. urgently needs to increase cybersecurity.  However, as with so many events on cybersecurity and cyberprivacy legislation, the participants held divergent opinions about the best way to accomplish these goals. The discussion, while informative, did not seem to indicate an immediate compromise solution.

 

-Steven Beale

Apr. 24, 2012 – Peter Swire Op-ed on Cybersecurity, TAP

Apr. 23, 2012 – You Are Big Brother (But That Isn't So Bad), Advertising Age

Apr. 23, 2012 – Facebook Apps Scored For Privacy, RedOrbit

Apr. 23, 2012 – Free tool rates Facebook app privacy, Asbury Park Press

Apr. 23, 2012 – Facebook apps rated on privacy protection, USA Today

PCLOB Nomination Hearing

Last Wednesday the Senate Judiciary Committee held a confirmation hearing for nominees to the Privacy and Civil Liberties Oversight Board (PCLOB). The Board, created in response to the 9/11 Commission, is charged with making sure privacy and civil rights are protected for executive branch activities and measures. It consists of five members appointed by the President, and all five of these nominees were present at Wednesday’s hearing. The nominee for Chairman of the PCLOB is David Medine, and the other nominees are James Xavier Dempsey, Elisebeth Collins Cook, Rachel L. Brand, and Patricia M. Wald. The nominees are bipartisan, and all are recognized thought leaders on privacy and civil rights.

The hearing showcased significant common ground between the senators present and the nominees. All agreed that civil rights are fundamental; as Senator Leahy put it, safeguarding liberties is not a partisan issue, it is an American issue. At the same time, everyone agreed that privacy controls should not impede security. Rather, there was consensus that that privacy and security are not mutually exclusive, and that it is possible to simultaneously have both strong security and privacy.

One topic that surfaced multiple times was cybersecurity and information sharing. Senators Leahy, Whitehouse, and Franken all asked the nominees questions about pending cybersecurity legislation. In particular, the senators were interested in how to encourage the sharing of cybersecurity threat information while also protecting the privacy of U.S. citizens. The nominees agreed that this is an important issue, and Mr. Dempsey expressed the opinion that increased information sharing would be beneficial and could be done in a privacy-friendly manner.

Another theme that surfaced several times was how to ensure privacy in an era of rapid technological change. GPS, facial recognition technology, data aggregation, and other new technologies allow the government track and gather significant data about citizens. This data can be used both to protect our nation’s security, but, if proper rules are not in place, it can also infringe the privacy and civil liberties of innocent Americans. Ms. Cook noted that, if confirmed, she would work with her colleagues to use new privacy enhancing technologies. Ms. Wald also noted the important role the PCLOB can play by working to ensure privacy and civil liberties are protected during the policy design phase.

The hearing demonstrated that if and when the nominees are confirmed, they will have to carefully prioritize their important work. The hearing did not feature any harsh questions or significant criticisms of the nominees, so the path may be clear for proceeding to confirmation.

 

-Steven Beale

Apr. 22, 2012 – Facebook apps rated on privacy protection, Tucson Citizen

Apr. 21, 2012 – Privacy experts warn that new car black box bill doesn't go far enough, Ars Technica

Swire Cybersecurity Op-Ed in The Hill

FPF Senior Fellow Peter Swire just published an op-ed in The Hill titled “Moving Too Fast on Cybersecurity.” In the piece, Swire cautioned against rushing cybersecurity legislation through Congress. To see the full op-ed, click here.