April 14 — The House Homeland Security Committee approved legislation to boost the sharing of cyberthreat data by U.S. companies, after defeating some Democratic amendments, including a proposed five-year sunset provision.
The bill (H.R. 1731), which was advanced April 14 on a voice vote, would allow dismissal of lawsuits stemming from cybersecurity-related disclosures to the Department of Homeland Security's National Cybersecurity Communications Integration Center (NCCIC) or industry partners.
“Industry needs a safe harbor where legal barriers are removed, appropriate privacy protections are in place, and companies are incentivized to be a full participant with the NCCIC,” Committee Chairman Michael McCaul (R-Texas), who introduced the bill, said at the markup.
While applauding the overall bill, committee ranking member Bennie Thompson (D-Miss.) said the measure's liability protection language might provide relief to companies that act negligently. “It only allows lawsuits where a plaintiff can prove ‘willful misconduct,' ” he said.
A Thompson amendment to place a five-year sunset on the bill was rejected on a 10-15 party-line vote. The panel also rejected language from Rep. Cedric Richmond (D-La.), ranking member of the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, to tweak liability protections in the bill.
Under the legislation, the National Cybersecurity Protection Advancement Act, liability protection would be provided to companies that voluntarily share “cyber threat indicators” or “defensive measures,” except in cases of “gross negligence or willful misconduct.” In order to obtain damages, plaintiffs would have to show by “clear and convincing” evidence that they were injured by such conduct.
Before sharing threat information, companies would be required to remove any personal data, and the NCCIC would be responsible for performing a second scrub.
A House Intelligence Committee version (H.R. 1560) was approved on March 26 in a closed markup.
Action by the full House is expected during the week of April 20, although it was not immediately clear whether the Homeland Security and Intelligence bills will be merged or taken up separately.
“We want them to be complementary and compatible,” McCaul told reporters after the markup. “Whether the vehicle is separate tracks or one is an amendment to the other—that has yet to be decided.”
House Majority Leader Kevin McCarthy (R-Calif.) April 13 expressed optimism about the chances of getting cyberthreat data sharing legislation to the president's desk this year, despite failed attempts in previous Congresses.
Meanwhile, Senate Majority Leader Mitch McConnell (R-Ky.) has said that cybersecurity will be among his legislative priorities for the spring. The Senate Intelligence Committee approved cyberthreat data sharing legislation (S. 754) on March 12.
Privacy advocates are concerned that such legislation may be used for surveillance purposes. A key sticking point is potential data access by the National Security Agency, which has been under fire over controversial surveillance programs.
Robyn Greene, policy counsel for the Open Technology Institute at the New America Foundation, said the McCaul bill, in some respects, takes a more narrow approach and protects privacy a “bit better” than the intelligence committee bills.
“For example, there is no requirement to automatically share information with the NSA—that's an important improvement,” Greene told Bloomberg BNA. “But like the Intelligence Committees' approach, this bill is also based on vague definitions and overbroad authorizations that could seriously threaten Americans' privacy, and its defensive measure provisions could even undermine Internet security. It would authorize sharing information, including personal information, not only about cyber threats, but also about any violation or threat of violation of law.”
Gregory Nojeim, senior counsel for the Center for Democracy & Technology, was disappointed.
“The House Homeland cybersecurity information sharing bill promised to be ‘the best of bunch' in terms of civil liberties protections among the information sharing bills that Congress is considering,” he told Bloomberg BNA. “But the bill falls short, and authorizes monitoring and information sharing for fighting crimes that have nothing to do with cybersecurity.”
The Homeland Security Committee's action was welcomed by the Financial Services Roundtable.
“Congressional action to better protect consumers from cyberattacks is long overdue,” FSR President and CEO Tim Pawlenty said in a statement. “We applaud the House for addressing gaps in our nation’s cybersecurity laws and urge both chambers of Congress to quickly put a bill on the President’s desk.”
To contact the reporter on this story: Alexei Alexis in Washington at aalexis @bna.com
To contact the editor responsible for this story: Heather Rothman at firstname.lastname@example.org
Go to the House Homeland Security Committee website at http://homeland.house.gov/markup/markup-hr-national-cybersecurity-protection-advancement-act-2015.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)