Congress moves quickly on cyberthreat information sharing

A House committee approves a second bill, despite concerns about consumer privacy

The U.S. Congress is moving forward quickly with legislation that would encourage private companies to share cyberthreat information with government agencies, despite concerns that two leading bills weaken consumer privacy protections.

The House of Representatives Intelligence Committee voted Thursday to approve the Protecting Cyber Networks Act (PCNA), just two days after the bill was introduced.

The House bill "is a cybersurveillance bill at least as much as it is a cybersecurity bill, and it is written so broadly that it could wind up making the Internet less safe," Robyn Greene, policy counsel at the New America Foundation's Open Technology Institute [OTI], said by email.

The PCNA requires government agencies to "automatically and indiscriminately" share information they receive with military and intelligence agencies, OTI said in a critique of the bill. The bill would allow other agencies to pass cyberthreat information to the FBI and the National Security Agency, where "it could be used in investigations that have absolutely nothing to do with cybersecurity," Greene said.

While the PCNA limits what personal information businesses can share with government agencies, it doesn't require companies to remove all personal information, OTI added. The bill also authorizes companies to monitor all activities and communications of users as a way to identify threats, OTI said.

The House bill would "explicitly undermine every rule that is currently in place to protect Americans' Internet privacy, and replaces them with dangerously weak protections," Greene added. "It would massively increase companies' monitoring of our online communications and activities, and give them a nearly blank check to share that information with the government."

The action in the House follows a closed-session vote earlier this month by the Senate Intelligence Committee to approve a similar bill, the Cybersecurity Information Sharing Act [CISA]. The next stop for CISA is a vote in the full Senate, and for PCNA, a vote in the full House. PCNA could come to the House floor as soon as April.

CISA has drawn opposition from 48 security experts and privacy advocates, and the House cyberthreat information-sharing bill "draws largely" from it, Greene said.

Both bills would protect companies that share cyberthreat information with each other or with government agencies from consumer lawsuits. Proponents of the cyberthreat information-sharing bills, including many tech companies, argue that more sharing of cyberthreat information can help businesses better respond to attacks, but victims of cyberattacks need assurances that information sharing won't lead to legal problems.

House Intelligence Committee members defended the bill, saying it will help defend U.S. networks against cybercriminals. The bill has strong privacy protections, Representative Devin Nunes, a California Republican and committee chairman, said in a statement.

The bill "helps pave the way for the expeditious passage of cyber information sharing legislation that can help turn the tide against hackers, cybercriminals and malicious state actors, while safeguarding privacy and civil liberties at every step of the way," Representative Adam Schiff, a California Democrat, said in a statement.

The bill came after several months of negotiations that included privacy groups, Schiff said through a spokesman. The committee addressed the main concerns raised by privacy groups, he added. The bill requires companies to remove personal information before sharing information with the government and limits the way government can use the data, he said.

The bill also does not authorize offensive countermeasures against attackers, he noted, even though that would be permitted in other information-sharing proposals.

"Protecting privacy was at the forefront during the process of crafting this bill, and I'm pleased by the progress weve made," Schiff said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags governmentsecurityprivacylegislationNew America FoundationExploits / vulnerabilitiesU.S. CongressAdam SchiffRobyn GreeneDevin Nunes

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?