House intel leaders unveil cybersecurity bill
WASHINGTON — Leaders of the House intelligence committee unveiled a bipartisan bill Tuesday that would make it easier for private companies to share cyber threat information with the government to thwart attacks by hackers.
The bill contains stronger privacy protections than previous legislation, said Chairman Devin Nunes, R-Calif., and Rep. Adam Schiff, D-Calif., who will introduce the bill Tuesday afternoon.
The Protecting Cyber Networks Act specifically states that it does not give the government the power to conduct surveillance of any person. Instead, the government would be able to see how a cyber attack occurred and take action to prevent more attacks.
Companies also would report cyber threats to civilian agencies rather than to the Defense Department or the National Security Agency. The NSA is viewed with suspicion by privacy advocates because of its mass collection of the phone records of millions of Americans.
"We're trying to do everything we can to protect civil liberties while protecting our cyber networks," Nunes said at a press briefing.
The Permanent Select Committee on Intelligence will meet Thursday to take up the bill and vote on whether to recommend its approval by the full House.
The bill is similar to one passed earlier this month by the Senate intelligence committee. Both bills offer liability protection to companies to shield them from lawsuits that could arise from the sharing of business records with the government and with one another. Businesses have been reluctant to tell the government about cyber attacks because of their fear of lawsuits from consumers or privacy groups.
One key difference between the two bills is that the Senate bill requires any information shared by private companies to go first through the Department of Homeland Security. The House bill would allow companies to share their cyber threat information with any civilian agency. A bank, for example, could go straight to the Treasury Department for help.
Nunes and Schiff said they have briefed the business community, privacy advocates, other House and Senate committee leaders and the White House on their bill and expect broad support.
Schiff, a strong privacy proponent and the committee's senior Democrat, said he hopes privacy advocates will respond well to provisions that require companies and government agencies to remove consumers' personal data before passing on information about cyber threats.
"We're light years ahead of where we were last session," Schiff said, referring to the strengthened privacy protections.
The bill authorizes companies to engage in defensive measures to protect their networks but does not allow them to "hack back" by taking offensive measures.
Congress has been trying to pass a cybersecurity bill for about five years. The U.S. Chamber of Commerce and other business groups have been pushing Congress to pass a bill to help stop cyber attacks. Lawmakers have made the legislation a priority in the wake of high-profile hack attacks against Sony Pictures, Target and JPMorgan Chase.
Source: USA Today