The Senate Intelligence Committee approved a cybersecurity bill on Tuesday that is intended to help companies and government agencies defend against cyber-attackers.
The Cybersecurity Information Sharing Act would make it easier for businesses and governments to share information with each other about cyberattacks.
Businesses have previously shied away from formal and informal information sharing because of legal barriers.
This bill, if passed, would remove some of these barriers and make it possible for businesses to get the information they need to stop attackers.
“Every week, we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks,” Senate Intelligence Committee Chairwoman Dianne Feinstein said in a statement. “This bill is an important step toward curbing these dangerous cyberattacks.”
The bill was approved in a 12-3 vote. It now goes to the full Senate for a vote. The House last year passed the counterpart to this bill, the Cyber Intelligence Sharing and Protection Act. If this bill passes the Senate, the two versions will be reconciled before going to the president.
“It is extremely important that government and industry put more focus on cyber security,” said Brandon Hoffman of security vendor RedSeal Networks. “It’s great to see a bill like this getting traction and that we are making strides towards improving information sharing,” he said.
Democratic Sens. Ron Wyden and Mark Udall voted against the legislation, saying in a statement that it “lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cybersecurity.”
The bill includes provisions for privacy, such as requiring companies to strip out personally identifiable data such as names, addresses, and Social Security numbers before sharing the data.
However, privacy groups believe the bill doesn’t go far enough. It could potentially give the government—namely the National Security Agency (NSA)—access to even more information about Americans.
They are concerned that companies with vast troves of personal data, such as Google, may turn over the information to the government, in this case the Department of Homeland Security (DHS). The concern is that DHS could share this information with other intelligence agencies, such as the NSA.
“Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA,” the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, and dozens of other privacy groups wrote in a letter to senators last month.
Hoffman called the objections from privacy groups “hard to ignore.”
“To help make this bill effective it is imperative that information scrubbing or anonymizing the information without losing the pertinent details be determined,” Hoffman said. “Without a framework for data organization and format, along with appropriate protection, it may simply remain an awareness tactic.”
Feinstein called the bill a “first step” towards improving cybersecurity. She said she hoped it would become law before the end of the year.
“I don’t know what information you would be concerned about that NSA would have in an information-sharing bill,” Feinstein said in an earlier interview with reporters. “If somebody’s hacking, you want [the information] to go where it needs to go.”