The House of Representatives today passed The Protecting Cyber Networks Act on a 307-116 bipartisan vote. The bill aims to remove legal barriers so that American companies can share threat information with one another to defend against hacks, such as those that have recently plagued Sony and Target.
The bills have broad support from the White House and industry groups, including some in tech.
Privacy advocates have criticized information-sharing bills as surveillance bills by another name. They worry that sharing cyber threat information with the government will give surveillance agencies even more access to citizens’ personal information.
But supporters of the bill say that this legislation has been amended to address those concerns, with more provisions than the Cybersecurity Information Sharing Act (CISA) bill that passed the House last year. The Protecting Cyber Networks Act requires two scrubs of personal information from the shared threat information, one by private sector companies and one by the government. They also argue that this bill has stricter provisions that would regulate how the government can use that information. There is no direct sharing with the NSA allowed.
Although the bill has stronger privacy provisions than CISA, that does not mean it’s perfect. Despite amendments, there are still concerns that broad interpretation of the bill could allow government agencies to abuse the information they gather through the bill. CISA never made it to the Senate floor because of such worries last year.
The political climate around cybersecurity has changed since CISA failed last year. Since CISA was considered last year, Sony was hacked, the State Department and White House were breached and health insurance records were compromised at Anthem.
In the past, Congress overlooked the issue of cybersecurity because it faced no public pressure to address it. But after these high-profile hacks, it has backed itself into a corner where it has no option but to pass legislation that will address them. Rather than having a more robust debate about the potential abuses this bill could have, Congress had no choice but to pass the bill. The Sony hack was the final straw that made it clear the government had not done enough to address this issue.
As we prepare for Congress to revisit surveillance reform, we can only hope this is not the PATRIOT Act all over again. It seems both proponents of the bill and the privacy advocates have a strong case when it comes to this bill. It provides a stronger defense for Americans’ civil liberties than past legislation, but only time will tell if those protections go far enough and if this information sharing will effectively thwart future hacks.
The Senate has advanced a similar bill out of the Intelligence Committee. The House will consider another cybersecurity bill, the National Cybersecurity Protection Advancement Act, tomorrow.