Menu
Senate panel secretly approves cyberthreat sharing bill

Senate panel secretly approves cyberthreat sharing bill

One senator called the legislation a 'surveillance bill by another name'

A U.S. Senate committee has voted in secret to approve a controversial bill that seeks to encourage businesses to share information about cyberthreats with each other and with government agencies.

The Senate Intelligence Committee, meeting behind closed doors, voted 14-1 late Thursday to approve the Cybersecurity Information Sharing Act [CISA], even though Senator Ron Wyden, who cast the lone vote against the legislation, said it doesn't adequately protect privacy.

"If information-sharing legislation does not include adequate privacy protections, then that's not a cybersecurity bill -- it's a surveillance bill by another name," Wyden said in a statement. The bill would have a "limited impact" on U.S. cybersecurity, he added.

The committee released a discussion draft of the bill last month, but did not publicly release an updated text of CISA before voting to send it to the Senate floor. The committee will release the text of the bill after amendments are added to it, it said in a news release.

The legislation would protect companies that share cyberthreat information from consumer lawsuits and would set up an information-sharing portal at the U.S. Department of Homeland Security, committee leaders said.

Typically, lawmakers introduce legislation weeks before a congressional committee takes action, and committees nearly always vote to amend and approve bills in open meetings. The Senate Intelligence Committee often meets in closed session to discuss intelligence and national security issues, but it's unclear how a cyberthreat information-sharing bill would have an immediate connection to national security.

The Intelligence Committee bill is sponsored by Senator Richard Burr, a North Carolina Republican and committee chairman, and Senator Dianne Feinstein, a California Democrat who has been one of the strongest defenders of U.S. government surveillance programs after leaks by former U.S. National Security Agency contractor Edward Snowden.

CISA narrowly defines what information companies can share, Burr said in a statement. The bill is "critical to securing our nation against escalating cyberthreats," he added. "With risks growing every day, we are finally better prepared to combat cyberattackers with this bill."

After the committee released its discussion draft of the bill, a group of 26 digital rights and privacy groups and 22 security experts signed a letter opposing that version. The discussion draft proposed to give the NSA "automatic access" to personal information shared with government agencies and allowed companies to engage in "dangerous" countermeasures during cyberattacks, said the letter, signed by the Center for Democracy and Technology, the American Civil Liberties Union, the Electronic Frontier Foundation and other groups.

While the committee pledged to add more privacy protections to the discussion draft, it's not clear what those protections are, said Robyn Greene, policy counsel with the New America Foundation's Open Technology Institute.

"The devil is in the details ... and we will be looking very closely at the language to determine whether the changes effectively protect Americans' privacy," Greene said by email. "Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community."

The committee also held a closed vote on a cyberthreat information-sharing bill during the last session of Congress, when Feinstein was chairwoman. That legislation failed to pass through Congress partly because digital rights and privacy groups voiced privacy concerns.

A similar bill, the Cyber Intelligence Sharing and Protection Act [CISPA] failed to pass through Congress in 2013 after online protests over the amount of information it would allow companies to share.

Still, momentum to pass a cyberthreat sharing bill may be growing. Early this year, President Barack Obama called on Congress to pass a bill that includes privacy protections, but it's unclear how his proposal differs from the Senate Intelligence version.

In February, Senator Tom Carper, a Delaware Democrat, introduced the Cyber Threat Sharing Act, which is similar to Obama's proposal. That bill has been referred to the Senate Homeland Security Committee, but the committee hasn't acted on it yet.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentprivacylegislationBarack ObamaCenter for Democracy and TechnologyElectronic Frontier FoundationU.S. Department of Homeland SecurityTom CarperAmerican Civil Liberties UnionNew America FoundationRon WydenDianne FeinsteinU.S. Senate Intelligence CommitteeRobyn GreeneRichard Burr

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments