Congress moves quickly on cyberthreat information sharing

A House committee approves a second bill, despite concerns about consumer privacy

The U.S. Congress is moving forward quickly with legislation that would encourage private companies to share cyberthreat information with government agencies, despite concerns that two leading bills weaken consumer privacy protections.

The House of Representatives Intelligence Committee voted Thursday to approve the Protecting Cyber Networks Act (PCNA), just two days after the bill was introduced.

The House bill "is a cybersurveillance bill at least as much as it is a cybersecurity bill, and it is written so broadly that it could wind up making the Internet less safe," Robyn Greene, policy counsel at the New America Foundation's Open Technology Institute [OTI], said by email.

The PCNA requires government agencies to "automatically and indiscriminately" share information they receive with military and intelligence agencies, OTI said in a critique of the bill. The bill would allow other agencies to pass cyberthreat information to the FBI and the National Security Agency, where "it could be used in investigations that have absolutely nothing to do with cybersecurity," Greene said.

While the PCNA limits what personal information businesses can share with government agencies, it doesn't require companies to remove all personal information, OTI added. The bill also authorizes companies to monitor all activities and communications of users as a way to identify threats, OTI said.

The House bill would "explicitly undermine every rule that is currently in place to protect Americans' Internet privacy, and replaces them with dangerously weak protections," Greene added. "It would massively increase companies' monitoring of our online communications and activities, and give them a nearly blank check to share that information with the government."

The action in the House follows a closed-session vote earlier this month by the Senate Intelligence Committee to approve a similar bill, the Cybersecurity Information Sharing Act [CISA]. The next stop for CISA is a vote in the full Senate, and for PCNA, a vote in the full House. PCNA could come to the House floor as soon as April.

CISA has drawn opposition from 48 security experts and privacy advocates, and the House cyberthreat information-sharing bill "draws largely" from it, Greene said.

Both bills would protect companies that share cyberthreat information with each other or with government agencies from consumer lawsuits. Proponents of the cyberthreat information-sharing bills, including many tech companies, argue that more sharing of cyberthreat information can help businesses better respond to attacks, but victims of cyberattacks need assurances that information sharing won't lead to legal problems.

House Intelligence Committee members defended the bill, saying it will help defend U.S. networks against cybercriminals. The bill has strong privacy protections, Representative Devin Nunes, a California Republican and committee chairman, said in a statement.

The bill "helps pave the way for the expeditious passage of cyber information sharing legislation that can help turn the tide against hackers, cybercriminals and malicious state actors, while safeguarding privacy and civil liberties at every step of the way," Representative Adam Schiff, a California Democrat, said in a statement.

The bill came after several months of negotiations that included privacy groups, Schiff said through a spokesman. The committee addressed the main concerns raised by privacy groups, he added. The bill requires companies to remove personal information before sharing information with the government and limits the way government can use the data, he said.

The bill also does not authorize offensive countermeasures against attackers, he noted, even though that would be permitted in other information-sharing proposals.

"Protecting privacy was at the forefront during the process of crafting this bill, and I'm pleased by the progress weve made," Schiff said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags New America FoundationsecurityRobyn GreeneU.S. CongresslegislationgovernmentExploits / vulnerabilitiesprivacyAdam SchiffDevin Nunes

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?