Summer recess and the election season leave little time to address privacy concerns in Senate bill.
Sens. Dianne Feinstein and Saxby Chambliss, who head the Senate Intelligence Committee, have proposed a bill that would let companies to share information about cyber security threats.
By Tom Risen
Senate lawmakers failed to pass cyber security legislation in 2012, and the bill drafted by Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., faces an uphill battle to break that trend.
The Senate Intelligence Committee postponed a markup of Feinstein's bill that would allow companies to share information about digital threats to help prevent cyber security attacks, so senators will have to move fast to address privacy concerns as the upcoming summer recess and election season will slow the lawmaking process.
Feinstein and the committee's top Republican, Sen. Saxby Chambliss of Georgia, announced a draft of the bill they co-authored this week that would allow companies to monitor their networks to find cybersecurity threats and grant companies legal protection for sharing such information. Feinstein postponed the markup originally scheduled for Thursday since not enough lawmakers would have been present during the meeting.
The White House has long pressured Congress to pass legislation to address gaps in America’s cybersecurity. Nearly half of U.S. adults had personal information stolen during the past 12 months, according to a recent study by the Ponemon Institute, a cyber security research firm, and sharing information on threats is viewed as a step in toward stopping hackers.
The Senate bill directs companies to keep personally identifying information from being shared, and directs the attorney general to ensure the government’s use of cyber security information is limited to appropriate purposes. The legislation also mandates information shared with the federal government must be provided to the Department of Homeland Security and other relevant federal departments, which concerns privacy advocates including the Center for Democracy and Technology.
"The Intelligence Committee has met with and heard from privacy advocates and made changes where appropriate to address their concerns,” Feinstein said in an emailed statement. “I believe the bill strikes a balance between the need to share information to improve cyber security and the need to safeguard the information being shared."
The bill ignores the privacy risks of sharing cyber security information with the government, which have become more pronounced after the revelations about surveillance conducted by the National Security Agency, says Greg Nojeim, senior counsel for the Center for Democracy & Technology. Civil liberties advocates, including the center, published a letter Thursday opposing the bill.
“I would be surprised if the bill became law in its current form,” Nojeim says. “It removes many of the hard fought civil liberty protections that were added to similar Senate legislation in July 2012.”
Lawmakers have disagreed on the legal barriers for what information companies can share about their networks to coordinate on threats from hackers, and have been divided over the privacy rights of customers, particularly in the Democratic-controlled Senate.
The House passed its own version of a cyber security information sharing bill in 2013, and House Intelligence Committee Chairman Mike Rogers, R- Mich., said he remains optimistic on the chances of conferencing the two bills during this session of Congress.
“We continue to resolve our differences on this issue, and I am confident that a final bill that enhances our security while protecting privacy and civil liberties can be worked out quickly in conference,” Rogers said in an emailed statement.
America's companies could use the help from Congress on cyber security. Less than half of companies in PricewaterhouseCoopers’ 2014 U.S. State of Cyber crime Survey took necessary steps to protect themselves, as only 38 percent prioritized security investments based on the risks to their businesses, and only 31 percent have a security strategy for the rapidly growing mobile sector.
http://www.usnews.com/
No comments:
Post a Comment