The letter, a response to a request for information from Sen. Al Franken, was sent Friday and released by the Minnesota Democrat's office Monday. The problems DHS outlines in the letter mirror many of the concerns that privacy advocates and security experts have raised about the bill, which could come up for a vote in the Senate this week before the chamber breaks for August recess.
In releasing the DHS letter, Franken said Monday that CISA is not yet ready for a vote. "The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," he said in a statement.
Franken, an outspoken privacy advocate in the Senate, asked DHS last month to set out any concerns it may have with the bill's privacy, effectiveness, and efficiency. The agency identified a number of issues with the bill, including a provision that would make it difficult for the agency to anonymize incoming data and preserve Americans' privacy, and a worry that the sheer volume of information that would be shared under the law would be overpowering.
DHS has been intimately involved in cyberinformation-sharing ever since recent legislation created the National Cybersecurity and Communications Integration Center cyberthreat clearinghouse within the agency. A number of federal agencies and over a hundred private-sector companies participate in DHS's information-sharing program.
In the response to Franken's request, DHS said a stronger information-sharing law should preserve the NCCIC as the hub for any expanded program, rather than spreading cyberthreat information out across government agencies.
The agency also said it was concerned that an allowance in the Senate bill for companies to mark information they share with the government as proprietary could get in the way of the program's goals and prevent agencies from acting on the cyberthreat information they receive. DHS recommended that information, once anonymized, no longer be regarded as proprietary.
With only a week before the Senate adjourns for the summer, CISA is up against a ticking clock. Senators are working to reach an agreement to move forward with the bill early this week, but lawmakers from both parties are clamoring to add amendments to the bill.
A spokesman for Senate Majority Leader Mitch McConnell said the senator wants to move to the cyber bill immediately after a vote on defunding Planned Parenthood on Monday afternoon. The bill to defund Planned Parenthood is not expected to pass.
If it does not get a vote this week, the bill will get shunted to the fall, where it will compete for senators' attention with other pressing issues, such as fights over appropriations and the debt ceiling.