Committee approves cybersharing bill despite privacy concerns
The bill would give the NSA access to private information held by U.S. companies, a critic says
IDG News Service - The U.S. House of Representatives Intelligence Committee has approved a recently introduced bill that would allow greater cyberthreat information sharing between U.S. intelligence agencies and private companies even though privacy advocates say it would allow those agencies to spy on U.S. residents.
The committee approved the Cyber Intelligence Sharing and Protection Act late Thursday by a 17-1 vote. The bill, introduced just Wednesday, would allow intelligence agencies to share classified cyberthreat information with approved U.S. companies, while encouraging companies to share their own information with the government or other companies.
The next step for the bill is a vote in the full House. That vote has not yet been scheduled.
The bill will protect privacy, said Representative Mike Rogers, a Michigan Republican and committee chairman. "The decisiveness of the vote shows the tremendous bipartisan support for this bill," he said in a statement. "Through hard work and compromise we have struck a delicate balance that provides strong protections for privacy and civil liberties, while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks."
The bill would help protect U.S. businesses from cyberespionage, Rogers said.
Information sharing is a good goal, but the bill goes too far, said Jim Dempsey, vice president of public policy for the Center for Democracy and Technology. The bill could give the U.S. National Security Agency new access to personal information held by U.S. companies, given the legislation's broad definition of the kind of information that companies can share with the NSA and other government agencies, he said.
The bill allows companies to share any information pertaining to the protection of information systems, Dempsey said. That "potentially could be all traffic," he said.
The bill, although it says information sharing with the government is voluntary, could also allow the NSA to demand that private companies share their information in exchange for the cyber-threat information the agency has, Dempsey said. "It creates an incentive structure as to who gets the NSA's secret sauce," he said. "We're afraid that the NSA would use that, basically, as a trading card. They would say, 'We'll give you our good stuff, if you give us a lot of your good stuff.'"
The bill would also shift responsibility for cybersecurity from private industry to the government, and from civilian agencies within the government to intelligence and military agencies, Dempsey said. "We think the government should not be involved in monitoring the private-sector networks," he said.
Bill sponsors Rogers and Representative C.A. "Dutch" Ruppersberger, a Maryland Democrat, introduced an amendment, approved by the committee, designed to limit government agencies' use of information they get from private companies.
The amendment prohibits the government from using cyberthreat information unless at least one significant purpose is cybersecurity or national security. It also prohibits the government from searching through any cyberthreat information it receives from the private sector for any purposes not authorized by the bill.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts