Senate Intelligence Committee approves cybersecurity sharing bill

Senate Intelligence Committee approves cybersecurity sharing bill

Summary: The bill includes liability protections for individuals and companies that voluntarily choose to share cyberthreat information with the federal government.


The U.S. Senate Intelligence Committee quietly approved a new cybersecurity bill late in the day on Tuesday in a 12-3 vote.

Labeled as the Cybersecurity Information Sharing Act, the legislation was written to encourage and open up more types of information that can be shared between government agencies and the private sector.

Proponents of the bill argue the proposal shores up national security -- especially in the wake of more and more attacks on retail and commercial computer systems, jeopardizing sensitive personal data on millions of people.

The bill includes liability protections for individuals and companies that voluntarily choose to share cyberthreat information with the federal government, which in turn is said to be limited in how it can then use that data for its own purposes.

As the bill covers both classified and unclassified cyberthreat information, federal agencies affected by the proposed measures will need to routinely report how they use the shared information to the Privacy and Civil Liberties Oversight Board and respective inspectors general.

The Cybersecurity Information Sharing Act was co-authored by the committee's chairwoman, Sen. Dianne Feinstein (D-Calif.), and vice chairman, Sen. Saxby Chambliss (R-Ga.).

In a statement on Tuesday, Feinstein asserted, "Cyber attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing."

Chambliss concurred, positing that the legislation is "a strong, bipartisan bill that encourages the private sector and the government to share information voluntarily about these threats, without fear of frivolous lawsuits and without unnecessary bureaucratic obstacles."

Chambliss added he hopes the Senate will pass the bill before the summer recess in August.

The committee's updated version of the Cybersecurity Information Sharing Act will be introduced later this week after amendments are incorporated.

Those edits include further liability protections for minors, limitations on how long obtained intel can be saved, a mandatory report from the director of national intelligence, and a provision to allow the Department of Defense to share cyber threat information it receives from defense contractors.

Topics: Government US, Data Management, Legal, Privacy, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And why would liability protection be required?

    Unless the idea is to encourage sharing of confidential customer data?
    John L. Ries
    • actually, it is to hide from the lawsuits over the loss of customer data...

      As in Target sized exposures.

      Currently, businesses hide the fact that they have been broken into - if they reported it then they could be sued for incompetence...

      The government hopes they will now report it to them so that they don't have to worry about it.

      Like rewarding incompetence...
  • So much for the Fourth Amendment...

    The U.S. Government is (theoretically) legally precluded from acquiring this information, directly, by the Constitution (without a specific "criminal" warrant). However, there has been a long progression of those that assert that the U.S. Constitution only actually protects such "civil rights" of citizens from "Government intrusion" (not violations by "private businesses"). The argument always being that inappropriate violations of people's basic human-rights (by private interests) could, and should, be addressed in "Civil Courts".

    However, now... those in power get exactly what they have ALWAYS wanted. The Government gets any information that they want, without having to publicly demonstrate any, real, justifiable "Probable Cause"... because the information is being collected, and given to them, by "Private interests". And, those "private interests" will be free, and protected, from any "civil liability" in the name of a "Government request".

    Slick... if it weren't so criminally, and treasonously, sickening in its Machiavellian deviousness.