The United States House of Representatives has approved a controversial cyber bill that would encourage companies to share information about computer attacks with the federal government.
On Wednesday afternoon, lawmakers in the House voted 307-116 in favor of the Protecting Cyber Networks Act. It envisions expanded legal liability protections for corporations, if they choose to voluntarily share certain kinds of digital data through a government “cyber portal” administered by the Department of Homeland Security.
The Senate still has to approve the bill before it lands on the desk of President Barack Obama. A signiture from the commander in chief would ensure firms are not liable, concerning the threat of information shared with the feds.
“At some point, we need to stop just hearing about cyber attacks that steal our most valuable trade secrets and our most private information, and actually do something to stop them,” Rep. Adam Schiff (D-Ca.) , the committee’s ranking Democrat, said on the House floor.
The measure is supported by a wide array of business and financial interests, including the U.S. Chamber of Commerce.
— Joe Gerard (@OklaVoter) April 22, 2015
Privacy advocates counter that the PCNA shares the same flaws as the stalled Cybersecurity Information Sharing Act (CISA), which it is reportedly based on. PCNA would “enhance cyber-surveillance while threatening to undermine cybersecurity,” argued Robyn Greene of the Open Technology Institute.
“At a minimum, cybersecurity information sharing legislation must provide for effective civilian control of information sharing between the private sector and the government while placing meaningful limits on the role of military and intelligence agencies like the NSA,” Greene wrote.
Greene said proper cybersecurity legislation should shield innocent Americans’ sensitive information and limit the use of data to investigation and prosecutions of computer crimes, arguing that PCNA did neither. She said the recently proposed National Cybersecurity Protection Advancement Act (NCPA) was much better at addressing privacy concerns, but still allowed too much sharing of “unnecessary” personal information, and the application of counter-measures that could hurt innocent people.