Incident Response, TDR

As Safe Harbour ruled invalid, lawmakers reconsider CISA

After the European Court of Justice (ECJ) Tuesday declared the EU-US Safe Harbour pact invalid, U.S. lawmakers are considering how the decision could potentially impact the Cybersecurity Information Sharing Act (CISA).

The U.S. House Energy and Commerce Committee asked the Commerce Department to update lawmakers on progress toward a new agreement with the European Union (EU) on transatlantic data transfers. In a release, the committee's lawmakers "expressed concern" over the ECJ's decision.

Senate Intelligence Committee Chairman Richard Burr and Vice Chairman Dianne Feinstein said CISA will be revisited for debate beginning the week of Oct. 19 after senators return from a week-long recess for the Columbus Day holiday.

Omer Tene, vice president of research and education at the International Association of Privacy, told that the Safe Harbour decision would mainly affect CISA's Judicial redress Act, which would provide citizens of major U.S. allies a course of redress regarding information shared with U.S. law enforcement. "It is very unlikely that this would have passed," Tene said, "and I'm not sure if it would have satisfied the European authorities anyway."

CISA would expand the sharing of cyber threat data between companies and the government, which privacy advocates have said would make it more difficult to pass a revised version of Safe Harbour.

“The privacy provisions are substantial and I believe address many of the concerns that had been raised in regard to earlier drafts of the bill,” Feinstein said in a statement in March, referring to changes made to CISA since last year's version was introduced.

"For months, we have been trying to pass important, balanced legislation to help companies get the information they need to stop losses like this," Feinstein said in a statement Friday about the T-Mobile/Experian hack.

Berin Szoka, president of TechFreedom, an advocacy group lobbying for stronger privacy provisions in the U.S., said in a statement, that Europeans won't agree to a new deal until Congress passes basic privacy reforms.”

He said the Judicial Redress Act of 2015, legislation that seeks to improve privacy relations when law enforcement data is transferred between the EU and U.S., "would at least begin to address the ECJ's strong concern about a lack of remedy for privacy violations by the U.S. government.” Szoka said the USA Freedom Act, passed by Congress in June and which prohibited the bulk collection of personal data, was "too little too late."

Tene believes the political drama around CISA is out-of-step with the new realities of the ECJ decision with legislators continuing to discuss CISA as if nothing has changed. The political process in the U.S., he said, "is difficult enough without thinking about Safe Harbour." The Washington veteran noted, "It's not a very substantive discussion."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.