Committee approves cybersharing bill despite privacy concerns
The bill would give the NSA access to private information held by U.S. companies, a critic says
IDG News Service - The U.S. House of Representatives Intelligence Committee has approved a recently introduced bill that would allow greater cyberthreat information sharing between U.S. intelligence agencies and private companies, even though privacy advocates say it would allow those agencies to spy on U.S. residents.
The committee approved the Cyber Intelligence Sharing and Protection Act late Thursday by a 17-1 vote. The bill, introduced just Wednesday, would allow intelligence agencies to share classified cyberthreat information with approved U.S. companies, while encouraging companies to share their own information with the government or other companies.
The next step for the bill is a vote in the full House. That vote has not yet been scheduled.
The bill will protect privacy, said Representative Mike Rogers, a Michigan Republican and committee chairman. "The decisiveness of the vote shows the tremendous bipartisan support for this bill," he said in a statement. "Through hard work and compromise we have struck a delicate balance that provides strong protections for privacy and civil liberties, while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks."
The bill would help protect U.S. businesses from cyberespionage, Rogers said.
Information sharing is a good goal, but the bill goes too far, said Jim Dempsey, vice president of public policy for the Center for Democracy and Technology. The bill could give the U.S. National Security Agency new access to personal information held by U.S. companies, given the legislation's broad definition of the kind of information that companies can share with the NSA and other government agencies, he said.
The bill allows companies to share any information pertaining to the protection of information systems, Dempsey said. That "potentially could be all traffic," he said.
The bill, although it says information sharing with the government is voluntary, could also allow the NSA to demand that private companies share their information in exchange for the cyberthreat information the agency has, Dempsey said. "It creates an incentive structure as to who gets the NSA's secret sauce," he said. "We're afraid that the NSA would use that, basically, as a trading card. They would say, 'We'll give you our good stuff, if you give us a lot of your good stuff.'"
The bill would also shift responsibility for cybersecurity from private industry to the government, and from civilian agencies within the government to intelligence and military agencies, Dempsey said. "We think the government should not be involved in monitoring the private-sector networks," he said.
Bill sponsors Rogers and Representative C.A. "Dutch" Ruppersberger, a Maryland Democrat, introduced an amendment, approved by the committee, designed to limit government agencies' use of information they get from private companies.
The amendment prohibits the government from using cyberthreat information unless at least one significant purpose is cybersecurity or national security. It also prohibits the government from searching through any cyberthreat information it receives from the private sector for any purposes not authorized by the bill.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service.