Privacy groups balk at Senate cyber bill

Privacy and civil liberties groups are coming out against the Senate Intelligence Committee’s new cybersecurity bill before it is even released.

The bill, which has been circulating in draft form, would grant some legal liability protection to companies exchanging cyber threat data with intelligence agencies. Committee members are hoping to introduce and mark up the measure this week.

The draft “disregards the fact that information sharing can — and to be truly effective, must — offer both security and robust privacy protections,” said the privacy groups in a letter to the Intelligence panel’s members.

Groups ranging from the American Civil Liberties Union to the Council on American Islamic Relations to the Sunlight Foundation to numerous top security experts and academics endorsed the letter.

The concerns echo the privacy community’s opposition to a similar Intelligence Committee measure last Congress, known as the Cybersecurity Information Sharing Act (CISA).

That measure stalled after the Senate was unable to move forward on a bill to curb the National Security Agency’s (NSA) surveillance authority. Privacy advocates had worried the bill would give the agency another outlet to collect sensitive data on Americans.

Sen. Dianne FeinsteinDianne Emiel FeinsteinDHS chief takes heat over Trump furor NSA spying program overcomes key Senate hurdle Democrats will need to explain if they shut government down over illegal immigration MORE (D-Calif.), the top Democrat on the Intelligence Committee, told The Hill last week that the panel had retooled CISA to address the privacy concerns that stymied the previous efforts.

“We’ve bent over backwards to try and protect the privacy rights,” she said.

But the coalition disagreed.

The draft would still allow “automatic NSA access to personal information shared with a governmental entity,” it argued.

The bill also fails to “effectively require private entities to strip out information that identifies a specific person prior to sharing cyber threat indicators with the government, a fundamental and important privacy protection,” the groups wrote.

The White House has tried to address these sticking points by encouraging Congress to move on a cyber bill that would put a civilian agency, the Department of Homeland Security (DHS), at the center of the government’s public-private cyber data exchange.

Lawmakers said they've heard the White House does not support the Intelligence Committee's draft.

The administration has released its own legislative proposal and President Obama signed an executive order to further empower the DHS in its cyber info-sharing efforts.

Sen. Tom CarperThomas (Tom) Richard CarperSenate Finance Dems want more transparency on trade from Trump Overnight Energy: California regulators vote to close nuclear plant | Watchdog expands Pruitt travel probe | Washington state seeks exemption from offshore drilling plan Overnight Regulation: Fight erupts over gun export rules | WH meets advocates on prison reform | Officials move to allow Medicaid work requirements | New IRS guidance on taxes MORE (D-Del.), ranking member on the Senate Homeland Security and Governmental Affairs panel, introduced a version of the White House offering.

The full committee is waiting on Intelligence before moving forward with any cyber info-sharing bill.