WASHINGTON, D.C. – U.S. Senator Rand Paul today introduced the following amendments to S.754, the Cybersecurity Information Sharing Act currently being considered by the U.S. Senate. The amendments are outlined in detail below.
BACKGROUND INFORMATION ON SEN. PAUL’S AMENDMENTS TO CYBERSECURITY BILL
Clarifies Whistleblower Protection
- Adds rule of construction indicating that the Act does not prohibit or limit disclosure of whistleblower information to the Privacy and Civil Liberties Oversight Board (PCLOB).
- Clarifies that whistleblowers (agency and contractor) with knowledge of FISA programs may lodge complaints with Government Accountability Office (GAO), PCLOB, Congressional Intelligence Committees, or through internal channels. Prohibits professional retaliation against whistleblowers.
Protection of Existing Privacy Law
- Clarifies that nothing in this Act shall supersede any provision of law as it relates to the retention by a Federal entity of personal information or identifying a specific United States person.
Prevents liability immunity granted under the act from being used by companies to break privacy agreements with their customers
- CISA authorizes sweeping Internet monitoring of, and nearly unlimited sharing of information about, Internet users with the federal government, while companies are immune from lawsuits for taking these actions under this legislation.
- Amendment #2564, filed by Sen. Paul, would establish a simple protection for Internet users by clarifying that no company would be immune from making false promises to their customers.
- Congress should not make it possible for companies to monitor their customers’ Internet activities and transfer their data to the government while assuring the same customers that they do neither. Instead, Congress should promote accountability to private entities providing Internet services; advance transparency on information sharing conducted by those companies; and empowers Internet users to protect their own privacy.
End warrantless backdoor searches of Americans’ communications under Sec. 702
- Closes the “backdoor search” loophole that enables warrantless searches for information on Americans contained in phone records and emails collected under Sec. 702 of FISA.
Protect the privacy of Americans’ records held by third parties
- Establishes a clear principle consistent with the Fourth Amendment that, as it relates to government collection, an individual’s records given to a third party for a specific business purpose are equally secure in their person as those that remain in their possession, unless that third party informs the individual that it intends to share the record.
- This affirms that the government cannot circumvent warrant requirements by taking Americans’ records from third parties, and protects constitutional rights during engagement in regular communication and commerce.
Prohibit mandates on companies that they alter their products to enable government surveillance
- Prohibits the government from issuing mandates to force the intentional alteration of security features.
- Prevents the government from compelling companies to deliberately weaken the encryption security of their products and services so that the government can directly access communications and data.
Reports on Americans Surveilled Under this Act
- Modification of biennial report requirement to include additional transparency relating to number of United States persons subjected to monitoring and who personal information has been shared with the government.
Agency Sharing
- Requires federal entities to remove personal information from cyber threat indicators before sharing such cyber thread indicators with other federal entities.
Prohibits the government from accessing collection of content without a warrant
- Prohibits federal government access to and the collection of the content of communications of Americans without first obtaining a court approval.