House Passes Cyberthreat Info-Sharing BillMeasure Offers Liability Protection for Info-Sharing
The first of two bills to encourage businesses to share voluntarily cyberthreat information with the federal government by giving them liability protection has won overwhelming approval by the House of Representatives.
In a 307-116 vote on April 22, the House passed the Protecting Cyber Networks Act, sponsored by the chairman and ranking member of the House Intelligence Committee. A vote on a second cyberthreat information sharing bill, the Homeland Security Committee-passed National Cybersecurity Protection Advancement Act, is scheduled for April 23, and that measure is also expected to pass. Under an agreement, both bills will be merged, then sent to the Senate for consideration.
The White House gave its lukewarm endorsement to both bills earlier this week, saying that liability protections being offered businesses to share cyberthreat information are too broad and called for changes in the legislation as the measures wind their way through Congress (Compromise Sought on Info-Sharing Bills). But unlike the two previous congresses, when the House passed similar legislation, the White House did not threaten a presidential veto.
The Senate has its version of cyberthreat information sharing legislation, passed by the Senate Intelligence Committee, but a vote on it has yet to be scheduled. If the Senate passes the measure, a House-Senate conference committee would work out a final version of the bill, with recommendations on compromise language to be offered by the White House.
Strengthening America's Digital Defenses
Speaking from the House floor prior to Wednesday's vote, Intelligence Committee Chairman Devin Nunes, R-Calif., said the legislation would strengthen America's digital defenses so that consumers and businesses will not be put at the mercy of malevolent cyber thieves. "The increasing pace and scope of cyber-attacks cannot be ignored," he said.
Passage of the Protecting Cyber Networks Act is seen as a big victory for businesses, with some saying they are reluctant to share cyberthreat information because of a fear doing so could open them to civil or criminal lawsuits. Businesses sharing cyberthreat information would be protected from such legal actions.
Still, on bill supporter, the Financial Services Roundtable, an industry lobbying group, opposed a provision in the measure to sunset the bill after seven years. "This nation's cybersecurity problems won't dissolve after seven years. If anything, they will become increasingly more complicated," said Roundtable Chief Executive Tim Pawlenty. "The uncertainty caused by the need to reauthorize this legislation will disincentivize businesses from engaging in this critical process, leaving more American consumers at risk for cyberattacks."
Digital rights advocates see the legislation as weakening the privacy and civil liberties of American citizens, in part, because the bill would allow the sharing of cyberthreat information from citizens with intelligence agencies and law enforcement, even though the data would be anonymized. Congressional leaders blocked votes on amendments that would strengthen privacy rights. "By denying the votes, they stymied a necessary debate about privacy and the extent to which Internet users' personal communications information will be shared with the NSA and law enforcement under the cybersecurity umbrella," said Greg Nojeim, director of the Freedom, Security and Technology Project at the Center for Democracy & Technology.