CISPA amendment could address top privacy concern

One of privacy advocates' top concerns with a cybersecurity bill could be addressed in an amendment that is circulating among stakeholders. The proposed amendment to the Cyber Intelligence Sharing and Protection Act (CISPA) would ensure that the Homeland Security Department (DHS), a civilian agency, would be the first recipient of cyber threat data from companies.

The amendment would mark a significant concession by the sponsors of CISPA, House Intelligence Committee leaders Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD). The two lawmakers are said to be working on the amendment with House Homeland Security Committee leaders Michael McCaul (R-TX) and Bennie Thompson (D-MS). The amendment was filed just before the House Rules Committee met on April 16 to determine which amendments to CISPA would be voted for on the floor. A copy of the amendment — which does not include any lawmakers' names — has been circulating among stakeholders and on the Hill. The amendment is designed so that companies would only be able to receive the liability protection from future lawsuits granted under the bill if they share malicious source code and other online threats with DHS first. DHS would be able to pass on that threat data to relevant agencies. Companies would still be able to share cyber threat data with the National Security Agency and other departments under existing information-sharing efforts.