Amendments offered to the Cybersecurity Act of 2012

UPDATE: Wyden Statement on Vote Against Cloture of the Cybersecurity Act


Press Release Text of Amendment | U.S News and World Report Op-Ed

U.S. Senator Ron Wyden (D-Ore.) and U.S. Representative Jason Chaffetz (R-Utah) teamed up to write the Geolocation Privacy and Surveillance (GPS) Act, which is now being offered as an amendment to the Cybersecurity Act of 2012.

Currently, laws pertaining to geolocation tracking have not kept pace with technology.  Judges in different jurisdictions have issued conflicting rulings about what procedures law enforcement must follow – and how much evidence is necessary – to obtain individuals’ geolocation data from private companies.  This lack of clarity creates problems for law enforcement agencies and private companies, as well as uncertainty for customers. 

The bipartisan legislation creates a legal framework designed to give government agencies, commercial entities and private citizens clear guidelines for when and how geolocation information can be accessed and used. 

The GPS Act requires government agencies to get a probable cause warrant to obtain geolocation information in the same way that they currently get warrants for wiretaps or other types of electronic surveillance. It also requires private companies to get customer consent before sharing their customers’ information outside the normal course of business, and outlaws “cyber-stalking” by making it a crime to secretly track someone’s movements electronically

Click here for more information on the GPS Act

“Stay Off My Cloud” Amendment

Press Release | Text of Amendment

Stay Off My Cloud puts in place several privacy protections to ensure that the government stays off your personal cloud.

Many private companies contract with government agencies to provide information services to “continuously monitor” their networks and report to the federal government agencies in “real time or near real time” cyber incidents that jeopardize the “integrity, confidentiality, or availability of information or an information system.”

The amendment makes it clear that service providers need only provide information about cybersecurity incidents if they pose a threat to the government’s information. Importantly, with respect to continuous monitoring and reporting requirements, operators of government information are allowed to use processes that will protect the privacy of individual or non-government, customer specific data.  

Stay Off My Cloud prohibits individuals’ private data from being accessed by the government solely because it’s stored by a company who provides information services to a government agency.

No Binding International Cyber Treaties without Senate Approval Amendment

Press Release | Text of Amendment

Title VI of the Cybersecurity Act of 2012 calls upon the Secretary of State to “develop and lead Federal Government efforts to engage with other countries to advance the cyberspace objectives of the United States, including efforts to bolster an international framework of cyber norms, governance and deterrence.”

The administration had used similar language found in the Pro IP Act of 2008 to justify entering into binding international agreements on intellectual property as part of the Anti-Counterfeiting Trade Agreement without the advice and consent of the Senate. This amendment makes it clear that nothing in the Cybersecurity Act of 2012 shall be construed to enable the president to enter the U.S. into a binding international agreement on cybersecurity without the advice and consent of the Senate.