Privacy, civil rights, and civil liberties (P/CRCL) – as they relate to the public and private space – are increasingly woven into the work of countering terrorism and violent extremism. P/CRCL also plays an important role in cybersecurity conversations. The Intelligence Reform and Terrorism Prevention Act of 2004 created the Information Sharing Environment (ISE) with a mandate to share terrorism-related information “in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties.” As a result, the ISE recognizes that the exchange of sensitive information comes with the responsibility to understand evolving privacy concerns, and identify policy challenges and institutional best practices that apply to this environment.

At the 2016 International Association of Privacy Professionals Global Privacy Summit in Washington, D.C., the nexus between cybersecurity and P/CRCL was a central theme. As noted by Marc Groman, Senior Advisor for Privacy at the Office of Management and Budget and Chair of the Federal Privacy Council, privacy and cybersecurity efforts require coordination and are “independent but interdependent.” Cybersecurity programs implemented by ISE partners should incorporate the principals of Privacy by Design by ensuring that privacy is considered at all stages during the program design process.

Recently, the 2015 Cybersecurity Information Sharing Act (CISA) has enabled the Department of Homeland Security (DHS) to establish the Automated Indicator Sharing portal, which allows DHS to quickly share unclassified cyber threat indicators with other government agencies and the private sector. At its core, CISA is designed to improve cybersecurity through enhanced information sharing of cyber threat indicators between the private sector and the U.S. government. This is done by addressing several of the impediments to information sharing that include the concern for personally identifiable information (PII) and the culture of information sharing.

The sharing of information related to cyber threat indicators is still voluntary under CISA, however; the act itself is centered on two main concepts: (1) the creation of an architecture that promotes information sharing about cyber threat indicators and (2) the protection of those who share that information. There is much progress to be made in cybersecurity information sharing. DHS and the Department of Justice (DOJ) have recently released Privacy and Civil Liberties Interim Guidelines, which require organizations receiving information to review PII and “destroy … in a timely manner” any remaining PII before sharing further.

In addition to the aforementioned cybersecurity work of federal ISE partners, there are a number of additional efforts that have been developed in light of the cybersecurity mission, to include the work of the International Association of Chiefs of Police (IACP) Law Enforcement Cyber Center (LECC) and recent information sharing success at the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). The Privacy and Civil Liberties Subcommittee of the Information Sharing and Access Interagency Policy Committee (ISA IPC) has also developed resource documents for federal and non-federal agencies to assist with developing and implementing P/CRCL protections.

 

News Source: 

Program Manager-Information Sharing Environment Blog, 28 April 2016