The U.S. government has had little success in passing bills to establish security standards and facilitate data sharing between the private and public sectors, but the Senate Intelligence Committee is currently drafting a new bill that would serve that purpose. Senator Dianne Feinstein and Senator Saxby Chambliss co-authored a bill which states that a company cannot be sued for sharing threat data to any entity or the federal government to prevent or investigate a cyberattack.
Protection from lawsuits is one of industry officials’ main concerns in sharing data from cyberattacks with the federal government. Privacy advocates have argued that the federal government could potentially obtain consumers’ personal information from the data and use it for foreign intelligence, counterintelligence, or law enforcement aims.
Privacy advocates criticize the bill’s current form, suggesting that “the looseness of the language and the real-time nature of data sharing leave room for error,” according to The Washington Post.
The draft also allows the sharing of information with different agencies. Data provided by private companies could be shared directly with the military or intelligence agencies, who have been calling for this legislation for sometime. The government will also be able to share cyber threat data with the industry.
“This is definitely a step back,” said Gabe Rottman, legislative counsel and policy adviser for the ACLU. “The problem is the definitions of what can be shared and who it can be shared with are too broad. In this draft, companies can share data with the military and the NSA. Given the past revelations, I think it’s important to keep this information in civilian hands.”