House Cybersecurity Bill, 'Protecting Cyber Networks Act,' To Allow Feds To Share Info On Attacks With Private Industry

Tech companies and government spy agencies will be freer to share information about hacking threats if a bill introduced in the U.S. House Tuesday becomes law. Sponsors say their Protecting Cyber Networks Act has stronger privacy protections than past legislation after privacy advocates complained about invitations to domestic surveillance.

Rep. Devin Nunes, R-Calif., chairman of the House Intelligence Committee, and Rep. Adam Schiff, D-Calif., announced they will put the bill up for a committee vote Thursday. If it passes as expected, the legislation would move to a vote in the full House of Representatives by the end of April, aides told Reuters.

Under the measure, hacked companies would provide information on any suspicious activity to a civilian organization rather than the National Security Agency or the Department of Defense. The Protecting Cyber Networks Act, like a similar bill in the Senate, offers liability protection to companies against lawsuits that could surface when business records are widely shared. The absence of this kind of measure has made businesses reluctant to disclose all the information that might be necessary to prevent similar attacks in the future.

Yet the Senate bill, the Cybersecurity Information Sharing Act of 2015, has inspired fierce opposition from privacy advocates who say vague language gives intelligence agencies too much leeway to define what kind of “defensive measures” they can carry out for “cybersecurity purposes.”

Another key difference between the bills is that the Senate bill would force private companies trying to share information to first send it through the Department of Homeland Security. The House bill has no such stipulation.

The bill doesn’t permit companies to launch retaliatory hacks against parties, or countries, suspected of launching initial attacks (JPMorgan Chase is among the companies known to have pushed for this privilege after being victimized in the past). But it does include parameters prohibiting the NSA from monitoring individual Americans, USA Today reported.

“We’re light years ahead of where we were last session,” said Schiff, a pro-privacy Democrat, during a press conference Tuesday.

Congress has tried unsuccessfully to pass a comprehensive cybersecurity bill for more than four years, only to stifled by Washington gridlock. Calls for reform have grown louder, though, after a series of high-profile data breaches on Anthem health insurance, Sony Pictures and other major corporations.