New cybersecurity bill would foster sharing of online data between government, private sector

Leaders of the House Intelligence Committee are introducing legislation to foster the sharing of online information between the private sector and the government to better protect commercial computer networks from cyberattacks.

The bipartisan bill, drafted by committee Chairman Mike Rogers (R-MI) and ranking member Dutch Ruppersberger (D-MD), has strong support from the telecommunications industry but is already raising concerns among civil liberties advocates familiar with the draft. The legislation exempts private firms from liability for sharing data with the government, as well as for any failure to use that data to improve their networks. The goal is to encourage the private sector and the government to exchange the kind of information that could be useful in protecting systems that are critical to the nation’s security and economic interests.

Civil rights advocates, however, are warning that, as written, the bill preempts privacy protections in existing law and lacks adequate measures to ensure that consumer data are not misused by the government. The Cyber Intelligence Sharing and Protection Act of 2011 was crafted to allow the sharing of a variety of data. That data could include Internet protocol addresses a company detects in a hacking incident on its network, or classified threat intelligence from government entities such as the National Security Agency. Companies would not be forced to share data, and could decide which government agency to share it with.