Controversial cyber security bill passed in US

security

A cyber security bill, which would allow information about hacking to be shared between companies, has been passed by the US House of Representatives.

The House approved the bill, prompting the top Republican and Democrat on the intelligence committee who sponsored it to issue a joint statement lauding its approval.

"Economic cyber spies will have a harder time stealing American business plans and research and development as the House took the first step today by passing a cyber security bill that will help US companies better protect themselves from dangerous economic predators," the statement said.

The legislation also allows government agencies to share secret cyber threat information with American companies to help the private sector protect its networks.

Critics have raised privacy concerns about the sharing of "threat information" between private network operators and the government, claiming it could lead to agencies collecting data on American communications, which is generally prohibited by law.

House intelligence committee chairman Mike Rogers and senior Democrat C.A. Ruppersberger said changes had been made to the legislation to strengthen privacy provisions, and that Facebook, the U.S. Chamber of Commerce, Boeing, AT&T and others had supported it.

We can't stand by and do nothing as US companies are hemorrhaging from the cyber looting coming from nation states like China and Russia

"We can't stand by and do nothing as US companies are hemorrhaging from the cyber looting coming from nation states like China and Russia," Rogers said.

But amendments favoured by engineering experts and civil rights advocates were not adopted. The legislation would still allow the information from private companies to be used for intelligence and national security purposes, not just cyber security.

The House bill would essentially override "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards," the White House said in a statement.

"The bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information."

The administration also faulted the bill's grants of broad immunity from privacy and antitrust lawsuits to the private companies that share threat information with the government and with corporate competitors.

The outlook for the House legislation in the current form is uncertain. It matches up with a Senate bill introduced by Republican John McCain, but Democrats, who control the chamber, are aligned behind a broader bill authored by Senator John Rockefeller and others.

The White House strongly supports that bill, which has provisions that would allow the Department of Homeland Security to direct companies maintaining critical infrastructure, such as water and power utilities, to meet new standards.

The American Civil Liberties Union said the House bill would allow companies to share private information with the government without a warrant and proper oversight.

"Cyber security does not have to mean abdication of Americans' online privacy. As we've seen repeatedly, once the government gets expansive national security authorities, there's no going back. We encourage the Senate to let this horrible bill fade into obscurity," Michelle Richardson, ACLU legislative counsel, said in a statement.

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.