The House Intelligence Committee unanimously approved its cyber threat data-sharing bill on Thursday. The measure provides liability protections for companies when sharing cyber attack information with government agencies.
The unanimous vote by the House panel on Thursday for the
Protecting Cyber Networks Act marks the first step in a top
bipartisan legislative priority on how to share information when
a government agency or private company undergoes a cyber attack,
according to The Hill.
“We’re off to a great start,” the Committee’s ranking
member, Adam Schiff (D-Calif.), told reporters after the markup.
“I think the prospect for successful passage of cyber
legislation have gone up dramatically.”
READ MORE: CISA text released: Cyber bill revisions fail to impress
privacy campaigners
The bill is one of three working their way through Congress.
Another is being proposed by the House Homeland Security
Committee to allow data sharing between the Department of
Homeland Security and the private sector. The Senate Intelligence
Committee approved a similar measure in a 14 – 1 vote in early
March, though it came under withering criticism from privacy
advocates. It is uncertain for the moment how the two House bills
and the Senate would merge for a conclusive vote, but they share
many similarities.
House advances cybersecurity measure despite lingering fears it
may embolden more NSA spying http://t.co/NpIMa8igU6
— Dustin Volz (@dnvolz) March
26, 2015
All three bills would authorize liability protections for
companies so they could exchange cyber threat data with
government agencies.
Government agencies, as well as the retail and banking sectors,
have had repeated cyber attacks exposing the personal details of
millions of Americans. The FBI announced last week that it was
working with Premera Blue Cross regarding 11 million medical
records that were hacked during a breach in 2014.
READ MORE: Premera
Blue Cross cyberattack affected 11 million people’s records
There has been opposition in the past to cyber info-sharing, due
to concerns that it would enhance the National Security Agency’s
surveillance powers. Those fears were raised again after the
House committee moved forward with its bill.
“You have pretty much
non-existent privacy protections, along with new powers to spy on
and monitor users…all while being provided broad
immunity,”Mark
Jaycox, a legislative analyst with the Electronic Frontier
Foundation who is following the House and Senate
bills,toldWired.
READ
MORE: FBI pushing for new domestic and global internet hacking
powers
“It creates a perfect storm for
sharing personal information with intelligence
agencies.’
The House bill actually includes an amendment that would require
companies to strip out personal data about their customers before
submitting the information to a government agency. This amendment
is stronger than the one in the Senate bill, though the bill is
weaker in other areas. For example, unlike the Senate bill, the
House bill allows the government to gather data on threats that
are not “imminent.”
While the House bill states explicitly that the information
cannot be used by the government to highlight individuals for
surveillance, groups like the American Civil Liberties Union say
that is not enough – especially if an agency decides to gather
data under another name.