The Senate Intelligence Committee voted 12-3 on Tuesday to approve a cybersecurity bill authored by Senate Intelligence Committee Chairman Dianne Feinstein and Vice Chairman Saxby Chambliss. Known as the Cybersecurity Information Sharing Act, it would essentially remove the legal restrictions that currently bar companies from sharing information with the government.
The text of the bill has not been released to the public yet, but Feinstein released a statement earlier this week claiming that the bill would increase the amount of information related to cybersecurity threats and defensive mechanisms that can be shared between the government and businesses, including those in the private sector.
Feinstein argued without these changes, businesses and the U.S. government will be subject to cyber threats that often result in losses of large amounts of money as well as the theft of Americans’ personal information.
Though they haven’t had access to the text of the legislation, about 20 different privacy and civil liberties advocates have expressed concern about the bill, which is similar to bills proposed in the last few years. They point out that the language strips Americans of their rights to privacy and allows the National Security Agency to obtain information on Americans.
Feinstein shared that under the new Cybersecurity Information Sharing Act, the director of national intelligence would be allowed to share classified and unclassified information with businesses in the private sector; individuals and companies would be authorized to monitor computer networks of consenting customers and implement measures to block threats; and the federal government would be required to create a “portal,” managed by the Department of Homeland Security, where cyber information would be shared.
“Cyber attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing,” Feinstein said. “Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks. This bill is an important step toward curbing these dangerous cyber attacks.”
Chambliss agreed that it is time for Congress to address the global cyber threat. In a statement, he said, “American businesses are attacked daily by criminals seeking trade secrets or customer’s credit card information, while the government defends our systems against cyber attacks from criminal organizations, nation-states, and terrorists seeking to harm and kill Americans. In order to protect ourselves from these attacks, we must all work together.”
Other changes under the new cybersecurity measure include liability protections and rules regarding how cyber threat information is shared and with whom. It would also create an oversight committee to ensure the information is being shared properly. The bill will reportedly not affect intelligence programs, net neutrality or cyber standards.
Feinstein and Chambliss reportedly wrote the legislation after compiling information they gathered while attending briefings and meetings with federal officials tasked with ensuring that government agencies and officials are protected from cybersecurity threats, as well as meetings with representatives from the private sector.
Given that the public doesn’t yet have access to the bill, it’s difficult to gauge how effective the legislation will be in preventing cyber attacks. It’s also not clear how and when companies would be allowed to share information, which is a concern for many privacy advocates.
Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation, hasn’t seen the bill, either, but based on Feinstein’s statement and explanation of the legislation, he said, “The bill appears to retain many of the same problems that President Obama pointed to when he threatened to veto CISPA in both 2012 and 2013,” including problems related to privacy.
Privacy concerns were given as the reason why Senators Ron Wyden and Mark Udall voted against the bill. The senators released a joint statement after the passage of the bill, explaining that they voted against the legislation because “we have seen how the federal government has exploited loopholes to collect Americans’ private information in the name of security.”
“The only way to make cybersecurity information-sharing effective and acceptable is to ensure that there are strong protections for Americans’ constitutional privacy rights.”
The identity of the third person who voted against the bill is not yet known.
“To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them,” Feinstein said in her statement. “This bill provides for that sharing through a purely voluntary process and with significant measures to protect private information.”
Now that the bill has passed through the committee, it will move to the Senate and House, where the bill is receiving bipartisan support. While House Intelligence Committee Chairman Mike Rogers has expressed support for the legislation, along with Rep. Dutch Ruppersberger, Feinstein and Chambliss continue to plug the bill and ask their colleagues to support the legislation for the good of the country.
“The legislation passed out of committee [Tuesday] is a strong, bipartisan bill that encourages the private sector and the government to share information voluntarily about these threats, without fear of frivolous lawsuits and without unnecessary bureaucratic obstacles,” Chambliss added. “The cyber threats to our nation are all too real. The Senate should take up and pass this bill before the August recess.”
If the bill passes both houses, it will head to President Barack Obama’s desk for signing.
Groups such as the American Civil Liberties Union say they hope the bill doesn’t make it that far. Given all of the NSA revelations in the past year, they say it’s surprising that Congress wouldn’t be more diligent in ensuring Americans’ privacy was protected.