House Passes Complementary Cyber Information-Sharing Bill

Another cybersecurity bill will move on to the Senate.

A day after the House of Representatives passed an information sharing bill that raised concerns among privacy advocates, the chamber passed the National Cybersecurity Protection Advancement Act on a vote of 355-63 (a rare feat in Congress these days).

The bill, introduced in the House Homeland Security Committee, will allow companies to share information about cyber breaches with the Department of Homeland Security. This bill was far less controversial than The Protecting Cyber Networks Act that privacy advocates characterized as a surveillance bill by another name. The Protecting Cyber Networks Act was aimed at helping companies improve their defense against cyber hacks by sharing information with other companies and the government about cyber hacks. Despite amendments that required two scrubs of personal information from any threat data shared with the government, privacy advocates continue to worry it will give the intelligence apparatus further access to Americans’ personal information.

Privacy advocates did not express the same worries about today’s bill, the National Cybersecurity Advancement Act. However they did not voice support for the measure due to concerns it could be combined with the broader Protecting Cyber Networks Act.

Prior to the vote, an amendment was added to the bill that would require the Government Accountability Office to review the laws impact on American privacy five years after it is enacted. Privacy hawks were calling for a provision that would require the bills to sunset after a time to have such a review. This provision provides a compromise.

Shifting Sights Toward Surveillance Reform

Now it’s likely that we will soon see the House take up the issue of government surveillance reform, as the chamber’s leadership said it first had to address cybersecurity before it could move on to revisions to the PATRIOT Act provision that allows for the bulk collection of American phone records.

It remains unclear if the Senate will tackle these cybersecurity measures before taking on the PATRIOT Act. Mitch McConnell, the Senate majority leader, introduced a bill earlier this week that would extend surveillance under the PATRIOT Act, renewing the bulk metadata collection program until 2020 rather than having it expire on June 1 of this year.

The move comes as a group of bipartisan lawmakers are crafting a bill similar to the FREEDOM Act, a reform bill that eventually gained the support of privacy advocates and failed on the floor last year.

The fight for PATRIOT Act reform is relevant to the two cybersecurity bills that cleared the House this week because these cybersecurity provisions could get caught up in the NSA reform debate and the House’s votes could be for naught. Lobbyists and lawmakers have worked to make this a top legislative priority in the wake of high-profile hacks on companies like Anthem and Sony.

We have less than six weeks until the expiration of Section 215, the PATRIOT Act provision that allows the most controversial NSA collection of Americans’ bulk metadata. That deadline will force Congress to act on surveillance after two years of debate following the Edward Snowden leaks.