Cyberthreat Data Sharing Bill Advances Despite Privacy Concerns

    Aug 13, 2014

    After months of soliciting stakeholder input from government agencies and the private sector, the Senate Intelligence Committee in July advanced a bipartisan bill to provide liability protection for cyberthreat data sharing. The Cybersecurity Information Sharing Act (S. 2588) allows for the prompt dismissal of lawsuits against companies that have shared cyberthreat indicators or countermeasures, and it shields businesses from federal antitrust enforcement actions when they have shared cyberthreat information with competitors.

    “Cyberattacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing,” said Sen. Diane Feinstein (D-CA), chairman of the Intelligence Committee and sponsor of the bill. “Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks. This bill is an important step toward curbing these dangerous cyberattacks.”

    To address the concerns of privacy advocates, the legislation establishes federal government procedures for the receipt, sharing, and use of cyber information. This includes the establishment of a portal managed by the Department of Homeland Security through which electronic cyber information will enter the government and be shared with other appropriate federal entities. The measure also limits the government’s ability to use information it receives to cyber-related purposes to ensure it does not engage in inappropriate investigations or regulation.

    The legislation is similar to a version that passed the House of Representatives in April 2013 (H.R. 624), which the president threatened to veto. Privacy groups charge that the privacy protections in the Senate measure also could still potentially allow the U.S. government to increase its surveillance of the Internet. They cite a requirement that any cyberthreat indicators shared with any federal government agency also be shared with the National Security Administration and other elements of the Department of Defense.

    However, the Senate bill is seen as more palatable to the White House, although recent reports indicate that the legislation will need to incorporate additional privacy and civil liberties protections before the president would agree to sign it into law.

    Business groups are hopeful that a deal can be struck and a compromise bill can be passed by both the Senate and House during a lame duck session of Congress following the November elections. 

    “What is important is that CISA [the Cybersecurity Information Sharing Act] is headed in the right direction,” said Bruce Josten of the U.S. Chamber of Commerce, in a July 21 letter to the Senate. 

    The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.


    Want to sign up to receive an e-mail version of the Washington Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International