Menu
Senate panel secretly approves cyberthreat sharing bill

Senate panel secretly approves cyberthreat sharing bill

One senator called the legislation a 'surveillance bill by another name'

A U.S. Senate committee has voted in secret to approve a controversial bill that seeks to encourage businesses to share information about cyberthreats with each other and with government agencies.

The Senate Intelligence Committee, meeting behind closed doors, voted 14-1 late Thursday to approve the Cybersecurity Information Sharing Act [CISA], even though Senator Ron Wyden, who cast the lone vote against the legislation, said it doesn't adequately protect privacy.

"If information-sharing legislation does not include adequate privacy protections, then that's not a cybersecurity bill -- it's a surveillance bill by another name," Wyden said in a statement. The bill would have a "limited impact" on U.S. cybersecurity, he added.

The committee released a discussion draft of the bill last month, but did not publicly release an updated text of CISA before voting to send it to the Senate floor. The committee will release the text of the bill after amendments are added to it, it said in a news release.

The legislation would protect companies that share cyberthreat information from consumer lawsuits and would set up an information-sharing portal at the U.S. Department of Homeland Security, committee leaders said.

Typically, lawmakers introduce legislation weeks before a congressional committee takes action, and committees nearly always vote to amend and approve bills in open meetings. The Senate Intelligence Committee often meets in closed session to discuss intelligence and national security issues, but it's unclear how a cyberthreat information-sharing bill would have an immediate connection to national security.

The Intelligence Committee bill is sponsored by Senator Richard Burr, a North Carolina Republican and committee chairman, and Senator Dianne Feinstein, a California Democrat who has been one of the strongest defenders of U.S. government surveillance programs after leaks by former U.S. National Security Agency contractor Edward Snowden.

CISA narrowly defines what information companies can share, Burr said in a statement. The bill is "critical to securing our nation against escalating cyberthreats," he added. "With risks growing every day, we are finally better prepared to combat cyberattackers with this bill."

After the committee released its discussion draft of the bill, a group of 26 digital rights and privacy groups and 22 security experts signed a letter opposing that version. The discussion draft proposed to give the NSA "automatic access" to personal information shared with government agencies and allowed companies to engage in "dangerous" countermeasures during cyberattacks, said the letter, signed by the Center for Democracy and Technology, the American Civil Liberties Union, the Electronic Frontier Foundation and other groups.

While the committee pledged to add more privacy protections to the discussion draft, it's not clear what those protections are, said Robyn Greene, policy counsel with the New America Foundation's Open Technology Institute.

"The devil is in the details ... and we will be looking very closely at the language to determine whether the changes effectively protect Americans' privacy," Greene said by email. "Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community."

The committee also held a closed vote on a cyberthreat information-sharing bill during the last session of Congress, when Feinstein was chairwoman. That legislation failed to pass through Congress partly because digital rights and privacy groups voiced privacy concerns.

A similar bill, the Cyber Intelligence Sharing and Protection Act [CISPA] failed to pass through Congress in 2013 after online protests over the amount of information it would allow companies to share.

Still, momentum to pass a cyberthreat sharing bill may be growing. Early this year, President Barack Obama called on Congress to pass a bill that includes privacy protections, but it's unclear how his proposal differs from the Senate Intelligence version.

In February, Senator Tom Carper, a Delaware Democrat, introduced the Cyber Threat Sharing Act, which is similar to Obama's proposal. That bill has been referred to the Senate Homeland Security Committee, but the committee hasn't acted on it yet.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags New America FoundationU.S. Senate Intelligence CommitteeDianne FeinsteinRobyn GreeneRichard BurrU.S. Department of Homeland SecuritylegislationBarack ObamaprivacyElectronic Frontier FoundationAmerican Civil Liberties UnionRon WydensecurityTom CarperCenter for Democracy and Technologygovernmentdata protection

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments