Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
April 22 — The House April 22 passed legislation (H.R. 1560) to shield U.S. companies from liability risks associated with cyberthreat data sharing, after the chamber adopted a seven-year sunset amendment.
The bipartisan bill, which passed on a 307-116 vote, would provide liability protection to companies that voluntarily share “cyber threat indicators” or “defensive measures” with other private entities or a federal agency. Lawsuits stemming from the disclosure of such information would be wiped out unless there is “willful misconduct” by the company.
“As shown by the recent series of debilitating cyberattacks on U.S. companies, America’s digital networks must urgently be secured,” House Intelligence Committee Chairman Devin Nunes (R-Calif.) said in an April 22 statement.
The legislation, titled the Protecting Cyber Networks Act, was authored by Nunes and House Intelligence Committee ranking member Adam B. Schiff (D-Calif.). The committee approved the bill April 14 by voice vote in a closed markup.
The measure is expected to be merged with another cybersecurity measure (H.R. 1731) that the House passed the next day. H.R. 1731 would designate a Department of Homeland Security portal as the main hub for information sharing between private companies and the government. H.R. 1560 wouldn't designate any specific portal, a House Intelligence Committee aide told Bloomberg BNA.
The Obama administration said April 21 that it supported passage of both House bills, although it called for changes to the measures.
The legislation has received strong support from industry groups, but privacy advocates have raised objections about possible use of the data sharing mechanisms to provide information to the National Security Agency.
Critics said the measure would essentially create a back-door government surveillance mechanism, allowing the National Security Agency increased access to Americans' personal data, which could then be used for purposes beyond cybersecurity. Another concern was that the bill's liability protection language was too broadly crafted and would potentially immunize negligence or recklessness.
“At a minimum, House leadership should have given House members a chance to vote on key privacy amendments” to H.R. 1560 Gregory Nojeim, director of the freedom, security and technology project at the Center for Democracy & Technology, said in an April 22 statement. “By denying the votes, they stymied a necessary debate about privacy and the extent to which internet users' personal communications information will be shared with the NSA and law enforcement under the cybersecurity umbrella.”
Members of the Intelligence Committee defended their bill on the floor, saying that it would bolster the nation's cybersecurity while protecting privacy.
“At some point, we need to stop talking about the next Sony, the next Anthem, the next Target, the next JPMorgan Chase, and the next State Department hack, and actually pass a bill that will help ensure that there will be no next cyber attack,” Schiff said.
Rep. Terri A. Sewell (D-Ala.) said the bill includes “many more privacy protections” than the Cyber Intelligence Sharing and Protection Act (CISPA), a version approved by the House in the previous Congress.
Under H.R. 1560, companies would be required to remove any personal information before sharing cyberthreat indicators with the government. The federal agency that receives cyberthreat indicators would be required to perform a second check for personal data before sharing such indicators with other relevant federal agencies.
By voice vote, the House adopted an amendment from Rep. Sheila Jackson Lee (D-Texas) to direct the Government Accountability Office to report to Congress on the actions taken by the federal government to remove personal information from data shared. The House also accepted, by voice vote, an amendment from Rep. Tony Cárdenas (D-Calif.) to instruct the Small Business Administration to encourage sharing with small businesses and financial institutions.
An amendment from Rep. Mick Mulvaney (R-S.C.) to impose a seven-year sunset on the bill was adopted 313-110.
The Financial Services Roundtable issued a statement earlier in the day, saying that such an amendment would “shake the business community’s confidence in the information sharing programs.”
Senate Majority Leader Mitch McConnell (R-Ky.) has said that cybersecurity will be among his chamber's legislative priorities for the spring.
The Senate Intelligence Committee approved cyberthreat data sharing legislation (S. 754) March 12.
To contact the reporter on this story: Alexei Alexis in Washington at aalexis @bna.com
H.R. 1560, as reported in the House, is available at http://www.gpo.gov/fdsys/pkg/BILLS-114hr1560rh/pdf/BILLS-114hr1560rh.pdf.
Further information on the amendments to H.R. 1560 is available at http://rules.house.gov/bill/114/hr-1560.
A comparison of the central provisions of H.R. 1560, H.R. 1731 and S. 754 is available in a Bloomberg Government chart at http://op.bna.com/pl.nsf/r?Open=dapn-9vvjs7.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)