The collection of data is among one of the items that has spawned a contentious debate in the wake of cybersecurity breaches and public outcry against an overly invasive government. Protecting information, sharing data and how to respond to the ills of corporate espionage and national security threats have also informed the debate and discussion.
Recently, Chairman of the House Intelligence Committee Rep. Mike Rogers (R-MI) and ranking member Rep. C.A. Dutch Ruppersberger (D-MD) co-sponsored H.R.4291, the Foreign Intelligence Surveillance Act Transparency and Modernization Act, which if enacted would, among other provisions, end the bulk collection of metadata under FISA. This would include metadata gathered via phone, email, and internet.
The act would also codify a ban on the collection of bulk firearm sales, library, educational and medical records, and tax returns, according to information from Rogers’ office. However, with an emphasis on judicial review, the legislation does allow for the government to obtain metadata required to protect against terrorists in a “targeted, individualized way with robust judicial review.”
A release from the congressman states judicial oversight would be required before and after collection of data to ensure its national security relevance. Further, the government would not be able to listen to phone calls or read the content of emails as a result of the legislation.
If there was “reasonable and articulable suspicion” that a particular phone number is associated with terrorism, the government could direct communication companies to “query their records and provide the government with numbers connected with that suspect number” in order to help detect indicators of terrorist activity.
“We look forward to working with our colleagues in the House and Senate to enact a bipartisan proposal that will ensure the highest levels of privacy and civil liberties while still maintaining the tools our government needs to keep us, and our allies, safe,” Rogers said.
The government would be prohibited from using the metadata to gather personally identifiable information, and it would not force companies keep records longer normal. Rep. Mike Pompeo (R-KS), one of the bills co-sponsors said: “This legislation ensures that Americans’ civil rights are protected while keeping them safe from foreign threats. This good government reform brings transparency and accountability in a way that ensures that our intelligence agencies are working closely with Congress and the Courts to succeed in their mission.”
The proposal is among a number of bills aimed at mitigating national security threats, data breaches and the protection of sensitive information and is only a part of the overarching discussion regarding the realities of a constantly changing digital world.
Last month Mike McConnell, vice chairman of consulting firm Booz Allen and former director of national intelligence under President George W. Bush, spoke to a group of chief information officers in San Diego to discuss the challenges associated with passing legislation related to cybersecurity. McConnell discussed an array of topics ranging from notorious hacker Eric Snowden, who was hired by Booz Allen, to the public’s fears about metadata collection by the government, to the benefits of a private-public partnership with respect to sharing information about cyber threats.
China’s corporate espionage practices, hackers out to steal source code and national security breaches are all in play. He said some of the problem is that pertinent laws in place are outdated.
s John Bussey. (Link here) He suggests putting in place a framework to encourage the sharing of information regarding cyber threats between the government and private enterprises, and even went as far as to recommend providing liability protections for companies that participate in informational exchanges. McConnell said, though, legislation that would facilitate this has come to a halt.
The National Institute of Standards and Technology released a framework that was the result of collaboration between industry principals and the government that “consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk,” according to information from NIST.
In February of 2013, President Barack Obama directed NIST develop a voluntary framework to reducing cyber risks, and eventually issued Executive Order 13636 requiring federal agencies to issue a formal template of best practices. On Thursday, the National Cybersecurity Center of Excellence hosted the State and Local Government Cybersecurity Framework Kickoff to better inform stakeholders of the implementation of the executive order.
Dan Sabbatino is an award winning journalist whose accolades include a New York Press Association award for a series of articles he wrote dealing with a small upstate town’s battle over the implications of letting a “big-box” retailer locate within its borders. He has worked as a reporter and editor since 2007 primarily covering state and local politics for a number off publications.