Committee approves cybersharing bill despite privacy concerns
The bill would give the NSA access to private information held by U.S. companies, a critic says
IDG News Service - The U.S. House of Representatives Intelligence Committee has approved a recently introduced bill that would allow greater cyberthreat information sharing between U.S. intelligence agencies and private companies even though privacy advocates say it would allow those agencies to spy on U.S. residents.
The committee approved the Cyber Intelligence Sharing and Protection Act late Thursday by a 17-1 vote. The bill, introduced just Wednesday, would allow intelligence agencies to share classified cyberthreat information with approved U.S. companies, while encouraging companies to share their own information with the government or other companies.
The next step for the bill is a vote in the full House. That vote has not yet been scheduled.
The bill will protect privacy, said Representative Mike Rogers, a Michigan Republican and committee chairman. "The decisiveness of the vote shows the tremendous bipartisan support for this bill," he said in a statement. "Through hard work and compromise we have struck a delicate balance that provides strong protections for privacy and civil liberties, while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks."
The bill would help protect U.S. businesses from cyberespionage, Rogers said.
Information sharing is a good goal, but the bill goes too far, said Jim Dempsey, vice president of public policy for the Center for Democracy and Technology. The bill could give the U.S. National Security Agency new access to personal information held by U.S. companies, given the legislation's broad definition of the kind of information that companies can share with the NSA and other government agencies, he said.
The bill allows companies to share any information pertaining to the protection of information systems, Dempsey said. That "potentially could be all traffic," he said.
The bill, although it says information sharing with the government is voluntary, could also allow the NSA to demand that private companies share their information in exchange for the cyber-threat information the agency has, Dempsey said. "It creates an incentive structure as to who gets the NSA's secret sauce," he said. "We're afraid that the NSA would use that, basically, as a trading card. They would say, 'We'll give you our good stuff, if you give us a lot of your good stuff.'"
The bill would also shift responsibility for cybersecurity from private industry to the government, and from civilian agencies within the government to intelligence and military agencies, Dempsey said. "We think the government should not be involved in monitoring the private-sector networks," he said.
Bill sponsors Rogers and Representative C.A. "Dutch" Ruppersberger, a Maryland Democrat, introduced an amendment, approved by the committee, designed to limit government agencies' use of information they get from private companies.
The amendment prohibits the government from using cyberthreat information unless at least one significant purpose is cybersecurity or national security. It also prohibits the government from searching through any cyberthreat information it receives from the private sector for any purposes not authorized by the bill.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is email@example.com.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!