ARM15K66

S.L.C.

AMENDMENT NO.llll

Calendar No.lll

Purpose: To improve the requirements relating to removal

of personal information from cyber threat indicators before sharing.
IN THE SENATE OF THE UNITED STATES114th Cong., 1st Sess.

S. 754
To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity
threats, and for other purposes.
Referred to the Committee on llllllllll and
ordered to be printed
Ordered to lie on the table and to be printed
AMENDMENT intended to be proposed by Mr. WYDEN
Viz:
1

On page 16, strike lines 9 through 21 and insert the

2 following:
3

(A) review such cyber threat indicator and

remove, to the extent feasible, any personal in-

formation of or identifying a specific individual

that is not necessary to describe or identity a

cybersecurity threat; or

(B) implement and utilize a technical capa-

bility configured to remove, to the extent fea-

10

sible, any personal information of or identifying

11

a specific individual contained within such indi-

ARM15K66

S.L.C.

2
1

cator that is not necessary to describe or iden-

tify a cybersecurity threat.

EAS15783

S.L.C.

AMENDMENT NO.llll

Calendar No.lll

Purpose: To require procedures to notify a person whose

personal information is improperly shared or disclosed.
IN THE SENATE OF THE UNITED STATES114th Cong., 1st Sess.

S. 754
To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity
threats, and for other purposes.
Referred to the Committee on llllllllll and
ordered to be printed
Ordered to lie on the table and to be printed
AMENDMENT intended to be proposed by Mr. WYDEN
Viz:
1

On page 12, between lines 7 and 8, insert the fol-

2 lowing:
3

(F) include procedures for notifying in a

timely manner any person whose personal infor-

mation is known or determined to have been

shared or disclosed in contravention of this Act.

MRW15D98

S.L.C.

AMENDMENT NO.llll

Calendar No.lll

Purpose: To require the Secretary of Commerce to reconsider

and revise the proposed rule on the implementation of
the Wassenaar Arrangement 2013 Plenary Agreements
relating to intrusion and surveillance items.
IN THE SENATE OF THE UNITED STATES114th Cong., 1st Sess.

S. 754
To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity
threats, and for other purposes.
Referred to the Committee on llllllllll and
ordered to be printed
Ordered to lie on the table and to be printed
AMENDMENT intended to be proposed by lllllll
Viz:
1

At the appropriate place, insert the following:

SEC. ll. RECONSIDERATION OF PROPOSED RULE ON IM-

PLEMENTATION OF WASSENAAR ARRANGE-

MENT 2013 PLENARY AGREEMENTS RELAT-

ING

ITEMS.

TO

INTRUSION

AND

SURVEILLANCE

(a) IN GENERAL.Not later than 15 days after the

8 date of the enactment of this Act, the Secretary of Com9 merce shall

MRW15D98

S.L.C.

2
1

(1) review, and consider public comments re-

ceived with respect to, the proposed rule of the Bu-

reau of Industry and Security, entitled Wassenaar

Arrangement 2013 Plenary Agreements Implemen-

tation: Intrusion and Surveillance Items and pub-

lished on May 20, 2015 (80 Fed. Reg. 28,853); and

(2) revise the proposed rule in accordance with

subsection (b).

(b) REQUIREMENTS

FOR

REVISED RULE.In revis-

10 ing the proposed rule described in subsection (a)(1), the

11 Secretary shall
12

(1) develop the revisions in close consultation

13

with civil society organizations, including privacy ad-

14

vocates, public and private sector technologists, secu-

15

rity researchers, and public and private sector soft-

16

ware developers;

17
18

(2) ensure that the proposed rule is

(A) limited to the scope of the agreements

19

reached

20

Wassenaar Arrangement on Export Controls for

21

Conventional Arms and Dual-Use Goods and

22

Technologies in December 2013; and

at

the

plenary

meeting

of

the

23

(B) consistent with the regulation of cyber-

24

security items by other countries participating

25

in the Wassenaar Arrangement, as appropriate;

MRW15D98

S.L.C.

3
1

(3) exclude cybersecurity items available for

mass-market purchase from regulation under the

proposed rule; and

(4) ensure that, before issuing a final rule

5
6

(A) the proposed rule is available for public comment for not less than 60 days; and

7
8
9
10

(B) a public hearing is held on the proposed rule.

(c) REGULATORY IMPACT ANALYSIS.
(1) IN

GENERAL.Not

later than one year

11

after issuing a final rule based on the proposed rule

12

described in subsection (a)(1) and revised in accord-

13

ance with subsection (b), the Secretary shall conduct

14

a regulatory impact analysis of the effects of the

15

rule on the development and export of cybersecurity

16

items.

17

(2)

PUBLIC

AVAILABILITY.The

Secretary

18

shall make the analysis required by paragraph (1)

19

available to the public.