Today in the U.S. House of Representatives, the Permanent Select Committee on Intelligence introduced an internet threat-sharing bill, “The Protecting Cyber Networks Act.”
Like the Cybersecurity Information Sharing Act (CISA), its Senate Select Committee on Intelligence counterpart, The Protecting Cyber Networks Act looks like bad news for internet freedom.
Read the entirety of the bill here (PDF).
The bill contains "stronger privacy protections" than any existing laws, claim Chairman Devin Nunes, R-Calif., and Rep. Adam Schiff, D-Calif., who introduced the bill. A committee vote is scheduled for this Thursday.
Said Chairman Nunes in the statement released with the draft today by the House Committee:
“Gangs of cyber criminals, sometimes supported by hostile governments, are increasing their attacks on U.S. networks and American businesses. These assaults are costing our economy billions of dollars and are compromising American citizens’ personal and financial information. The Intelligence Committee is acting to mitigate this growing problem by advancing a bill that will encourage businesses and the federal government to share information on known cyber threats. These attacks are a genuine national security threat that cannot be tolerated any longer.”
And, Schiff's soundbite:
“Cyber attacks and theft have cost this country billions of dollars and thousands of jobs, and have compromised the private information of millions of Americans. A voluntary cyber information sharing bill will help us defend against this pernicious threat, and the time to act is now.”
From Reuters' coverage:
The intelligence panel is due to vote on the legislation on Thursday. If passed by the committee as expected, aides said they expect a vote in the full House in late April.
Similar legislation is also making its way through the Senate. The House Homeland Security Committee has unveiled its own measure, seen as a companion to the House Intelligence bill.
The measures offer corporations liability protection if they share information with intelligence agencies. Data handed over also would be "scrubbed" twice to remove personal information.
The bills are given a good chance of passing, despite privacy advocates' worries that they do too little to prevent more data collection by the National Security Agency and other U.S. intelligence agencies.
From USA Today's coverage:
A spokesman for the American Civil Liberties Union said the bill appears to be an improvement over earlier versions of the legislation offered in previous sessions of Congress. But he said it still does not go far enough to protect Americans' privacy.
"Based on our very quick read, it does look like the House Intelligence Committee has attempted to at least sprinkle in some new privacy provisions in its version of the bill," said Gabe Rottman, legislative counsel for the ACLU. "But simply saying something protects privacy doesn't abracadabra make it so."
Although companies would share information with civilian agencies, those agencies could still turn over information to the Pentagon or the NSA, the ACLU and other groups point out.
"This bill could still unnecessarily send private information to spy agencies and the military who can then use it broadly for purposes beyond cybersecurity," Rottman said. "We need to shore up our existing privacy laws before creating entirely new loopholes."