Homeland Security Secretary Jeh Johnson downplayed concerns from civil-liberties groups like the ACLU, saying he is satisfied with the “adequate privacy protections” in the House and Senate versions of the cyber security bill.
“We worked very hard with the Congress to establish DHS, which is a civilian agency, as the single portal through which we are encouraging the private sector to provide indicators for which there is a limitation on civil and criminal liability if you do. And at DHS we have constructed a system for real-time and near real-time information sharing with a privacy scrub built into the system where a privacy scrub is necessary — and that is unique among all the federal agencies, and we’ve set it up that way,” Johnson said at the Council on Foreign Relations.
“So when information is shared with other federal departments and agencies, we have vetted it to ensure privacy. And that was a critical component of the Senate bill in particular and there’s a different version of it in the House bill, which I hope gets worked out in conference, but I’m satisfied that both pieces of legislation provide for adequate privacy protections coming with respect to information from the private sector.”
The ACLU said that the Cybersecurity Information Sharing Act, which passed the Senate at the end of October, would “expand warrantless government surveillance and harm the privacy rights of all Americans by granting companies broad liability protection when they share with the government the private information of their customers for ‘cybersecurity purposes.’”
“CISA also allows the government to use information they receive from companies to investigate and prosecute crimes that have no connection to cybersecurity,” the ACLU said.
During the event, an FCC official characterized the DHS hiring process for cybersecurity experts as “absolutely brutal.”
“Usually you want people who look like the enemy and can be like the enemy,” he said. “They have bans on people if they smoked marijuana and all of these things are indicators of a serious problem. I mean, NSA has used waivers on this.”
He asked Johnson about any possible changes that would be made.
“Is anyone looking at the fact that the people you are trying to hire don’t exist?” he asked. “The FBI hires everyone they bust so those people are out of the market.”
In response, Johnson said, “If somebody comes to me and says, ‘I’ve never smoked a joint in my life or induced any illegal drug,’ I’d say, ‘are you sure you are telling me the truth?’ A moderate minimal use is kind of within the range of normalcy so in one’s life experience — not recent experience, in one’s life experience. I think you are making a decent point. I want to see us be creative, innovative, aggressive in who we recruit to come serve the country and support our efforts.”
Johnson also said “time with tell” if China’s government follows through on the commitment it made after the Chinese hack of millions of U.S. federal employees’ personal information. In September, both countries agreed not to support cyber theft.
“We’ve agreed that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage,” President Obama said in September after meeting with Chinese President Xi Jinping.