Idaho House OKs some cybersecurity records remaining secret

From the Associated Press

By Keith Ridler

BOISE, Idaho (AP) — Lawmakers in the House on Monday approved exempting some government cybersecurity records from public disclosure in a measure backers say is needed to thwart terrorist attacks.

The House voted 48-20 to approve the bill that would exempt disclosing the nature, location and function of cybersecurity devices, systems or programs used by a government entity to thwart terrorist attacks.

Republican Rep. Dustin Manwaring, the bill’s sponsor, said the legislation exempting those records from Idaho’s Public Records Act is needed because other nations are targeting government systems in the United States, and they could use public records to aid in those attacks.

“They are usually not just guys-down-in-the-basement hackers,” Manwaring said during debate on the House floor. “These are nation-state actors now that are attacking our government systems.”

Only Republican lawmakers opposed the bill, some citing their concerns individuals could fall under federal government surveillance if they are deemed to be domestic terrorists and not be able to find out about the surveillance.

Republican Rep. Heather Scott said that could include people the federal government considers spreading misinformation about the 2020 presidential election.

“Right now, we might think that we are not a target, but you get on the wrong side of the federal government, and you very well may be surveilled with no justification,” she said.

Democratic Rep. Chris Mathias, a U.S. Coast Guard veteran, said those fears were unfounded.

“I don’t care where terrorism comes from or originates,” he said. “I don’t care if it originates abroad or down the street from my house. If the government has the tools and the means available to do what is necessary to keep us safe, I want to make sure that we have them.”

Manwaring said a common item that would be prevented from being disclosed would be details about software designed to protect against malware attacks from terrorists.

Republican Rep. Vito Barbieri cited his concern that language in the bill about what constitutes a terrorist attack could be defined broadly to allow wide latitude in the government using cybersecurity methods without oversight.

“What is considered a terrorist attack?” he said. “This is a concern and I’ll be voting against it.”

Republican Rep. Julianne Young, who ultimately voted to pass the bill, sought clarification from Manwaring about limits on the bill, specifically asking if it could lead to government agencies withholding information about investigating a citizen.

Manwaring confirmed that the bill was only meant to withhold information about cybersecurity devices that protect other systems, and not to allow unfettered and hidden snooping on citizens.

The bill now goes to the Senate for its consideration.

From the Associated Press

Not an IDOG member yet?