Press Releases

Today, Rep. Adam Schiff (D-CA), the Ranking Member of the House Permanent Select Committee on Intelligence, delivered an opening statement during debate on the Committee’s bipartisan Protecting Cyber Networks Act.  Click here to watch the full speech.

The full statement, as delivered, is below:

I rise in support of HR 1560, The Protecting Cyber Networks Act.

At some point, we need to stop just hearing about cyber attacks that steal our most valuable trade secrets and our most private information, and actually do something to stop them. 

At some point, we need to stop talking about the next Sony, the next Anthem, the next Target, the next JP Morgan Chase, and the next State Department hack, and actually pass a bill that will help ensure that there will be no next cyber attack.

A few weeks back, the House Intelligence Committee held an open hearing on the cyber threat to America’s private sector. We heard from our witnesses that their businesses are cyber-attacked billions of times per day. Not thousands or millions, billions. 

The threat to our economy, our jobs and our privacy from not acting is massive, and it is certain.  We see it happening all around us.

So we must act now.

That’s why I am proud to support this bill.  The Protecting Cyber Networks Act provides for voluntary information sharing of cyber threats between and among the private and public sectors.

It does what no Executive Order can do.  It incentivizes cyber threat information sharing by providing limited liability protection.  Now companies can pool their resources say to one another: “I found this malicious code or this virus in my system – you should protect yourself by doing this.” 

And now the Government can better warn companies of an impending cyber attack just as it can for an approaching hurricane or an impending flu outbreak.

But let me be very clear about this.  To get this liability protection, a company that chooses to participate must remove any unrelated private information prior to sharing.  This is something privacy advocates and I called for when previous information sharing bills came before the House.  Unlike prior bills, this measure requires the private sector to strip out private information.

In fact, the bill has two, not one, privacy scrubs. 

The first happens when a company shares with another company or the Federal Government, and the second happens when the Federal Government shares the information further.

This bill even holds the Government directly liable if it doesn’t do what it’s required to do.

Second, to get the liability protection, a private company wishing to share with the federal government must go through a civilian portal.

To be clear – a company can’t go directly to the DOD or NSA and get the bill’s liability protection.  The lack of a civilian portal in previous bills was another key privacy-group criticism, and this bill has resolved that issue, too. 

In fact, of the five main criticisms of prior cyber bills, this bill has resolved each of them.

It has private sector privacy stripping of information, a civilian portal, it also has narrow restrictions on what the Government can use that shared cyber threat information for.  Gone is a national security use provision, gone is a vague terrorism use provision, and what’s left is only the most narrow of uses: to prevent cyber attacks, to prevent the loss of life, to prevent serious harm to a child, and to prevent other serious felonies.

Gone too is any question on whether offensive countermeasures or hack-back is authorized.  This bill makes clear that you cannot take anything but defensive actions to protect your networks and data.

And, lest anyone be confused, this bill makes clear in black and white legislative text that nothing authorizes government surveillance in this act. Nothing.

What this bill does is authorize voluntary, private sector sharing of cyber threat information, and it allows the Government to be able to quickly share threat information with the private sector, just as we need the CDC to put out timely warnings and advice on how to counteract this year’s flu strain or how to prevent a local disease from becoming an epidemic.

In addition, this bill requires strong privacy and civil liberties guidelines and intense reporting requirements.

The bill before us today strikes the right balance between securing our networks and protecting our privacy, and addresses the privacy concerns I, among others, raised last session.

However, some improvements still are yet to be made as this bill moves forward. 

In particular we need to further clarify that our liability protection only extends to those who act—or fail to act—reasonably.

Before closing, I want to thank Chairman Nunes for his leadership, and for working so hard on this bill.  It has been a great pleasure to work with you Mr. Chairman, and I’m grateful for all of the hours, energy and talent you and your staff have put into making this bill successful. I also want to thank all the Members of HPSCI, as well as the Judiciary Committee and the Homeland Security Committee for working with us.  We had many differences in opinion—and we still have some—but we kept our eyes firmly on what is best for the American people as a whole.  With that, we found ways to come together and produce a stronger bill.

I hope that we can continue to work together, as well as with the Senate and the White House and all stakeholders, to produce an even stronger bill for the President to sign into law. 

I also want to acknowledge the leadership of our predecessors, Dutch Ruppersberger and former HPSCI Chairman, Mike Rogers.  We have come this far in part because of the good work that they did in last couple sessions. And I also want to thank all of those who came to speak with us and provide their input in making this a better bill.

Every day we delay, more privacy is stolen, more jobs are lost, and more economic harm is done.  Let’s stop sitting by and watching all of this happen.  Let’s do something.  Let’s do what the Administration urged us to do and pass this bill.   And let’s do so now.

Thank you, and I reserve the balance of my time.

###