Privacy concerns resulting from leaks about the National Security Agency’s (NSA) anti-terrorism activities have made many in Congress hesitant to move forward on cybersecurity information-sharing legislation. Among other things, the NSA is responsible for the protection of U.S. government communications and information systems, and it manages national intelligence capabilities to discover critical information about foreign cyber threats.
The Senate Intelligence Committee is expected to soon consider a bill similar to one that passed the House in April – the Cyber Intelligence Sharing and Protection Act (H.R. 624). That legislation seeks to enhance sharing threat information and technical expertise between the government and private sector and across sectors. It provides the government the authority to grant security clearances to the employees of private sector companies for cybersecurity threat sharing and to share classified cyber threat information with those companies.
Proponents of the legislation argue that information-sharing would strengthen the defenses of the nation's critical infrastructure providers, such as utilities, water facilities, financial institutions, and oil and gas pipelines. However, revelations of massive NSA data gathering from telecom and Internet companies have increased concerns that the transfer of data to the government will compromise privacy.
Civil liberty groups argue that intelligence agencies would likely exploit vague language in an effort to gain access to new sources of private data. This has led to calls for scaling back the NSA’s antiterrorism activities, specifically with respect to collecting information on Americans.
While various committees in the House and Senate continue to work on other cybersecurity priorities – such as codifying the Department of Homeland Security’s roles and responsibilities and updating the Federal Information Security Management Act of 2002 – comprehensive legislation is likely to be on indefinite hold until concerns about the NSA’s surveillance programs are addressed.