Threat-Sharing Cybersecurity Bill Gets Public Airing

Proposed law to allow American companies to share cybersecurity threats with government, without being sued

The Intelligence Committee of the US House Of Representatives has introduced new legislation to make it easier for companies to share cybersecurity threats with the US government, without being sued.

The Protecting Cyber Networks Act reportedly enjoys “significant bipartisan support” according to Reuters, and therefore runs a high chance of being passed by the US Congress.

Protecting Cyber Networks Act

securityThe Protecting Cyber Networks Act is another political reaction to the ongoing cybersecurity threats faced by many businesses and companies nowadays.

The move comes despite jitters from privacy campaigners, who fear the potential misuse of this data by both the government, and private companies.

“This is a growing concern and getting worse,” Republican Representative Devin Nunes, the intelligence panel’s chairman, was quoted by Reuters as saying.

The intelligence panel is due to vote on the legislation on Thursday, and it is expected to be passed. It will then go before a full House vote in late April.

The idea is that the Act would allow businesses to use a civilian portal, most likely to be run by the Department of Homeland Security, to share cybersecurity threat data with the American government. The data will apparently be “scrubbed” twice to remove personal information.

The measure also reportedly comes with a corporation liability protection, to safeguard the companies from lawsuits. This is because in the past businesses have often been reluctant to tell the government about cyber attacks, due to concern about a lawsuit from consumers or privacy groups.

On plus side, unlike previous legislation, the ‘Protecting Cyber Networks Act’ specifically states that it does not authorise the Department of Defense, the National Security Agency nor any other part of the intelligence community to target a person for surveillance. But it does seek to provide government agencies with the ability to see how a hack occurred and take action to prevent more attacks in the future.

Other Legislation

And it is worth noting that the ‘Protecting Cyber Networks Act’ is not the only legislation of this ilk going through the American political process at the moment.

Another piece of legislation is the controversial Cybersecurity Information Sharing Act, otherwise known as CISA, which is making its its way through the Senate, after being passed 14-1 by that chamber’s intelligence panel.

CISA is also designed to rework how the US government and private businesses and organisations exchange Internet users’ confidential information. In a nutshell, the CISA bill is designed to facilitate the flow of ‘cyber threat’ information between private companies, such as Google, Verizon and Microsoft, and government agencies, such as the FBI or even the NSA.

It is thought that if both the ‘Protecting Cyber Networks Act’ and the CISA legislation gets the needed votes, they would have to be reconciled before President Barack Obama can veto or approve it.

Bills of this nature are raising serious concerns among privacy campaigners, who are concerned about a range of privacy and Internet freedom issues.

A spokesman for the American Civil Liberties Union told the USA Today newspaper that the bill appears to be an improvement over earlier versions of the legislation offered in previous sessions of Congress.

But he said it still does not go far enough to protect Americans’ privacy.

“Based on our very quick read, it does look like the House Intelligence Committee has attempted to at least sprinkle in some new privacy provisions in its version of the bill,” Gabe Rottman, legislative counsel for the ACLU reportedly said. “But simply saying something protects privacy doesn’t abracadabra make it so.”

Are you a pedant on privacy? Try our quiz!