Menu
Congress moves forward on cyberthreat sharing bill despite privacy concerns

Congress moves forward on cyberthreat sharing bill despite privacy concerns

The House may vote this week on a bill that would allow shared cybertheat information to be passed to the NSA and law enforcement agencies

The U.S. House of Representatives may vote on a controversial cyberthreat information sharing bill this week, despite major privacy concerns from many digital rights groups and security researchers.

The Protecting Cyber Networks Act "seriously threatens privacy and civil liberties, and would undermine cybersecurity, rather than enhance it," said a letter sent this week by 55 digital and civil liberties groups, security researchers and academics.

The PCNA, one of two cybersecurity bills that the House may vote on this week, would come to the House floor about a month after it was introduced, an unusually fast process for legislation. Without holding any public hearings on the bill, the House of Representatives Intelligence Committee voted to approve the bill in late March, just two days after it was introduced.

The bill would protect from consumer lawsuits those companies that share cyberthreat information with each other or with government agencies. Proponents of the cyberthreat information-sharing bills, including many tech companies, argue that more sharing of cyberthreat information can help businesses better respond to attacks, but victims of cyberattacks need assurances that information sharing won't lead to legal problems.

But the bill would also authorize companies to expand their monitoring of users' or customers' online activities and permit them to share "vaguely defined" cyberthreat indicators, said the letter from bill opponents, including the American Civil Liberties Union, Free Press, the Electronic Frontier Foundation and the New America Foundation's Open Technology Institute.

The PCNA would also require federal agencies to share all cyberthreat indicators they receive with the U.S. National Security Agency and any other agencies, and would allow law enforcement agencies to use the shared information for several crimes and activities that "have nothing to do with cybersecurity," the letter said.

The bill would also allow companies to deploy "invasive countermeasures, euphemistically called defensive measures," the letter said. Those defensive measures could harm innocent people not involved in cyberattacks and could undermine cybersecurity, the groups said.

While the digital rights and civil liberties groups oppose the bill, three telecom industry trade groups wrote Congress in support of it. The PCNA, along with another cyberthreat information sharing bill being considered by the House, "would provide critically important authorizations for real-time sharing" among private companies and between private companies and the government, said the letter, from CTIA, the National Cable and Telecommunications Association and the United States Telecom Association.

The bills will resolve "legal uncertainties" that prevent companies from sharing cyberthreat information quickly, the groups said.

The House Intelligence Committee has defended the PCNA, disputing allegations that it's a surveillance bill as much as a cybersecurity bill.

The bill does not require companies to share information, only allows voluntary sharing, the committee said in a fact sheet about the PCNA.

"The bill has nothing to do with government surveillance; rather, it provides narrow authority for the government and the private sector to share anonymous cyber threat information," according to the fact sheet. "The bill expressly does not give authority to companies to send information directly to the NSA or the military."

A second cyberthreat sharing bill that may come to the House floor has fewer privacy concerns attached to it. In addition to the PCNA, the House may also vote on the National Cybersecurity Protection Advancement Act this week.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags New America Foundationfree pressNational Cable and Telecommunications AssociationU.S. National Security AgencylegislationprivacyElectronic Frontier FoundationAmerican Civil Liberties UnionUnited States Telecom AssociationsecurityU.S. House of RepresentativesctiaDesktop securityencryptiongovernmentdata protection

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments