Feds Want Companies To Fork Over Data … For Security Purposes
With President Barack Obama’s support, Congress is moving forward with a bill that would encourage private companies to share their unencrypted computer network information and records with federal cybercrime investigators.
The National Cybersecurity Protection Advancement Act has already been approved by the House Intelligence Committee with bipartisan support, and is expected to pass easily in the full House Wednesday, according to The New York Times.
The bill would not actually require private entities to share any information with the government, but does incentivize them to do so by allowing participating firms to utilize the government’s cyber defenses. (RELATED: The Future of Cybersecurity: More Intuitive, More Data Sharing)
Firms that coordinate their cybersecurity efforts with the Department of Homeland Security (DHS) would also receive legal liability protections, limiting their exposure to lawsuits for sharing consumer information, provided they take certain steps to eliminate personal information.
A similar measure was proposed in 2012, but was barely defeated in the Senate amid concerns that the requirements would prove too costly and burdensome for businesses. Since then, however, a number of high-profile security breaches—such as the attacks against Target, JP Morgan Chase, and Sony Pictures—have reinforced the importance of robust cybersecurity and muted opposition to the bill.
To mollify privacy advocates, the bill requires participating companies to remove any information that can be used to identify specific persons and that is unrelated to cybersecurity risks or incidents before sharing data with the government. (RELATED: Government Workers Keep Undermining Cybersecurity)
Obama officially endorsed the legislation in a statement released Tuesday, though he did urge Congress to scale back “sweeping liability protections” that he fears might undermine the bill’s intent.
In particular, Obama argued that, “Appropriate liability protections … should not grant immunity to a private company for failing to act on information it receives about the security of its networks,” warning that such a provision “would remove incentives for companies to protect their customers’ personal information and may weaken cybersecurity writ large.”
A similar measure, the Cybersecurity Information Sharing Act (CISA), was reported out of the Senate Intelligence Committee over the weekend, but faces stronger opposition than the House version, The Hill reports.
As with the House bill, privacy concerns are the main obstacle in the Senate, with opponents expressing concerns that personal information would be shared with government entities such as the National Security Agency. (RELATED: This is Why Ex-NSA Chief Can Charge $1 Million a Month for Cybersecurity)
“However well intended, the bill’s provisions do not adequately direct companies to remove personally identifiable information when sharing cyber threat indicators with the government,” Democratic Sens. Martin Heinrich and Mazie Hirono told The Hill.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.
Top 6 on BarbWire.com
We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.