
Rogers-Ruppersberger Manager's Amendment

Paul Rosenzweig
Friday, April 13, 2012, 9:27 PM

Published by The Lawfare Institute
in Cooperation With
Brookings

The Rogers-Ruppersberger bill will come to the floor the week of April 23. Its information sharing provisions are likely to be the crux of the debate on the House side. Today, the Managers filed a draft amendment in the nature of a substitute. Major differences:
  • Throughout the bill the concept of private sector entity is expanded to include "utilities" which, after all, may be public sector entities but which ought to be within the ambit of the bill;
  • The earlier version of the bill had allowed sharing of cyber threat information with anyone in the Federal government.  The new version requires that Federal recipients include DHS in the loop;
  • The blanket immunity from liability provided for in earlier drafts is narrowed somewhat to not protect against liability for willful misconduct;
  • The purpose rules are modified so that a cyber security purpose or national security purpose must be a "significant" purpose of the sharing (a change that will remind many readers of the debate over other intelligence sharing rules);
  • Government use is further limited by anti-tasking rules that prohibit the government from asking for information from the private sector affirmatively -- only voluntary sharing is permitted;
  • A right of action against the government for damages from intentional or willful violations of the limitations is added; and
  • Since the Privacy and Civil Liberties Oversight Board is not yet active, a report from the ODNI Inspector General on privacy implications is required instead.
Overall, some modest, but significant pro-privacy changes, though likely not enough to satisfy many in the NGO community.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
