The Senate Intelligence Committee approved legislation Tuesday aimed at helping companies and the government thwart hackers.
But the bill faces opposition from privacy groups, who warn that it could give the National Security Agency access to even more personal information of Americans.
The Cybersecurity Information Sharing Act, advanced in a 12-3 vote, would make it easier for businesses and the government to share information with each other about cyberattacks. Business groups argue that legal barriers are preventing them from getting the information they need to stop hackers.
“Every week, we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks,” Senate Intelligence Committee Chairwoman Dianne Feinstein said in a statement. “This bill is an important step toward curbing these dangerous cyberattacks.”
The legislation includes provisions aimed at protecting privacy, such as requiring that companies that share information first strip out personally identifiable data (such as names, addresses, and Social Security numbers) of known Americans.
But the privacy groups are still worried that the legislation could encourage a company such as Google to turn over vast batches of emails or other private data to the government. The information would go first to the Homeland Security Department, but could then be shared with the NSA or other intelligence agencies.
“Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA,” the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, and dozens of other privacy groups wrote in a letter to senators last month.
Democratic Sens. Ron Wyden and Mark Udall voted against the legislation, saying in a statement that it “lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cybersecurity.”
The senators said they don’t trust the government not to exploit loopholes to spy on Americans. According to a Wyden aide, the committee defeated an amendment that the Oregon Democrat offered that would have strengthened privacy protections.
The legislation is a counterpart to the Cyber Intelligence Sharing and Protection Act, which passed the House last year.
That legislation prompted a major backlash from Internet activists, who fear it would undermine Internet privacy. More than 100,000 people signed a White House petition opposing the bill, and “CISPA” became a dirty word on many blogs, discussion forums, and news sites.
The White House issued a veto threat on CISPA, saying it lacked adequate privacy safeguards.
“I don’t know what information you would be concerned about that NSA would have in an information-sharing bill,” Feinstein told reporters following the markup, which was closed to the public. “If somebody’s hacking, you want [the information] to go where it needs to go.”
She said the legislation is just a “first step” in improving cybersecurity, and that she is hopeful it will become law before the end of the year.
Sen. Saxby Chambliss, the committee’s top Republican, said the bill is a carefully crafted compromise between business groups and privacy advocates.
“It’s not perfect for anybody,” Chambliss told reporters. “But if we take no action, then cyberattacks are going to continue to occur, and there is the potential for the American economy to be severely disrupted.”