House Dem to offer set of amendments to cyber intelligence-sharing bill

Last year, Schakowsky was the lone member on the House Intelligence panel to vote against moving the cybersecurity measure out of committee. CISPA is aimed at allowing companies and the government to relay information about malicious source code and online threats to one another in real time so businesses can take steps to thwart cyberattacks.

One of Schakowsky's amendments would ensure that companies can only report information about cyber threats to civilian agencies, so the military would be barred from handling that data first. This tackles one of the top concerns privacy advocates have raised with the bill.

Privacy groups have warned that CISPA would undermine existing privacy rules by allowing companies to share cyber threat information directly with the National Security Agency (NSA) and the intelligence community. They argue that civilian agencies should lead cyber intelligence-sharing efforts because they are subject to more oversight, unlike the secretive NSA. 

One of the Illinois Democrat's other amendments would narrow the liability protection that companies receive in the bill and would let consumers or other injured parties take legal action against businesses.

"I believe companies should be held accountable for their actions. My amendment would ensure that, while companies are protected while using cybersecurity information to minimize cyberthreats, consumers can hold them accountable for negligence and misconduct," Schakowsky said in a statement to The Hill.

In its current form, CISPA grants companies protection from legal action if they share cyber threat data with the government. They would also not be required to act on cyber threat data they receive from the government.

However, CISPA supporters have argued that liability protection is a critical component in the measure because it would encourage more companies to notify the government about online threats they spot on their networks and seek the assistance they need to address a cyberattack, rather than withhold the data to avert possible lawsuits. 

Schakowsky's final amendment would require the president to designate a person within the government to establish policies that govern how it retains, uses and stores personal information it receives.

The Illinois Democrat plans to back an amendment offered by Rep. Adam Schiff (D-Calif.) that would require companies to strip personal information from threat data prior to sharing it with the government or other peers in the private sector.

It's unclear whether the two Democrats' amendments will muster enough votes to be adopted into the bill. The proposed changes were not included in a list of amendments that Rogers and Ruppersberger said they planned to support during the markup.

Meanwhile, Rep. Jim Langevin (D-R.I.) will offer an amendment that prevents companies from launching retaliatory "hack back" attacks against other entities that have stolen trade secrets and other data from them. The House Intelligence leaders said they would support the amendment during a press call earlier this week.

"While we do not believe CISPA permitted this activity in the first place, because of varying perceptions we are ensuring there is no uncertainty moving forward and making it crystal clear to those who have expressed concern over this issue," said Jonathon Dworkin, a spokesman for Langevin, who added that the amendment is supported by the White House.

Rep. Mike Thompson (D-Calif.) intends to offer a pair of amendments that would expand the oversight measures in the bill.