Cybersecurity

Will privacy groups support the House Intel cyber bill?

House Intelligence Committee leaders say they’ve strengthened privacy measures as much as possible on their bill intended to boost cyber threat data sharing between the public and private sector.

The Protecting Cyber Networks Act, set for a Tuesday afternoon release, has “met really all of the major privacy concerns that were raised last session,” said ranking member Adam Schiff (D-Calif.), during a Tuesday morning roundtable with reporters.

{mosads}The measure provides legal liability protections for companies sharing cybersecurity information with a civilian government agency, such as the Department of Homeland Security.

It’s been a top legislative priority this year for lawmakers, government officials and most industry groups, who argue such sharing is needed to bolster the country’s cyber defenses.

But it’s taken several years to get more civil liberties groups, privacy advocates and many Democrats on board.

Those stakeholders, including Schiff, opposed the House Intelligence Committee’s 2014 cyber info-sharing bill.

They argued that the bill allowed too much data to flow directly to the intelligence community, gave the government too much leeway to use that data and didn’t effectively strip the data of Americans’ personal information.

The White House even issued a veto threat.

Committee leaders believe the new bill has “significantly resolved” each one of these issues, as Schiff put it.

“We dealt with that,” added Committee Chairman Devin Nunes (R-Calif.), during the roundtable.

The Protecting Cyber Networks Act does not allow direct sharing with the National Security Agency (NSA) or Defense Department; it requires all information be scrubbed twice of personal data — once by the companies and once by the civilian agency receiving it — and has narrowed the list of what that information can be used for.

“If we were in the last session,” Schiff said, “and the bill we’re offering today was offered, I think it would have been broadly embraced by the privacy community.”

“So we are starting at a different place,” he added.

But neither Nunes nor Schiff anticipate full privacy advocate support.

Many privacy groups have rebuked a similar bill that recently passed by a 14-1 vote out of the Senate Intelligence Committee. Sen. Ron Wyden (D-Ore.), the lone vote against the bill, called it “a surveillance bill by another name.” 

Even if these bills discourage sharing directly with military agencies like the NSA, they still allow near-instantaneous sharing within the government, some privacy advocates argue.

Many would also like to see the government’s access to the data further restricted and the personal information stripping measures made more aggressive.

“Most of these groups are going to be against this legislation no matter what,” Nunes said Tuesday. “It’s how they stay in business. It’s how they make money.”

If the committee continues to restrict government uses, the bill will eventually become useless, he explained.

“We’re kind of at a point where there’s limited options we have if we actually want to have cyber-sharing occur,” Nunes said.

“I take a somewhat different view,” Schiff added. Nunes, with a laugh, interjected, “I knew you would.”

Schiff explained that he understands not all privacy stakeholders will embrace his bill.

For instance, he said, some privacy advocates believe the government should move on reforming NSA authority before passing any cyber bill that increase data flow to the agency.

Privacy advocates should “not necessarily link the two,” Schiff said.

Intelligence Committee sources also pointed out this is likely the first cyber bill to repeatedly include language directly stating it is not granting new surveillance authority.

“We’ve made it very explicit,” Schiff said. “We’re doing everything we can in good faith … to meet the issues that have been raised.”

Schiff hopes privacy advocates “recognize we’re in a far better place.”