The goal of both bills is to remove legal barriers that prevent companies from sharing information about cyber threats with the government. The Lieberman-Collins bill would also set mandatory cybersecurity standards for critical infrastructure, such as electrical grids.
The civil-liberties groups noted that unlike the Lieberman-Collins bill, Secure IT would not require companies to strip out personally identifiable information, such as names and birth dates, from the information they share with the government.
The bill would give the National Security Agency access to all cyber threat information shared with the government. The civil liberty groups argue that a domestic agency such as the Homeland Security Department would be more appropriate for handling cyber threats.
Secure IT would force companies that contract with the government for communication services to share cyber threat information related to the contract. The groups said that requirement would undermine "private sector autonomy" and would create a "substantial incentive to overshare private information."
The groups also said the bill's immunity provisions are overly broad.