Privacy groups balk at Senate cyber bill

Privacy and civil liberties groups are coming out against the Senate Intelligence Committee’s new cybersecurity bill before it is even released.

The bill, which has been circulating in draft form, would grant some legal liability protection to companies exchanging cyber threat data with intelligence agencies. Committee members are hoping to introduce and mark up the measure this week.

The draft “disregards the fact that information sharing can — and to be truly effective, must — offer both security and robust privacy protections,” said the privacy groups in a letter to the Intelligence panel’s members.


Groups ranging from the American Civil Liberties Union to the Council on American Islamic Relations to the Sunlight Foundation to numerous top security experts and academics endorsed the letter.

The concerns echo the privacy community’s opposition to a similar Intelligence Committee measure last Congress, known as the Cybersecurity Information Sharing Act (CISA).

That measure stalled after the Senate was unable to move forward on a bill to curb the National Security Agency’s (NSA) surveillance authority. Privacy advocates had worried the bill would give the agency another outlet to collect sensitive data on Americans.

Sen. Dianne FeinsteinDianne Emiel FeinsteinKudlow slams senators who allegedly traded stock before pandemic Senators demand more details from Trump on intel watchdog firing Zoom, grocery delivery, self-isolation: How lawmakers are surviving coronavirus MORE (D-Calif.), the top Democrat on the Intelligence Committee, told The Hill last week that the panel had retooled CISA to address the privacy concerns that stymied the previous efforts.

“We’ve bent over backwards to try and protect the privacy rights,” she said.

But the coalition disagreed.

The draft would still allow “automatic NSA access to personal information shared with a governmental entity,” it argued.

The bill also fails to “effectively require private entities to strip out information that identifies a specific person prior to sharing cyber threat indicators with the government, a fundamental and important privacy protection,” the groups wrote.

The White House has tried to address these sticking points by encouraging Congress to move on a cyber bill that would put a civilian agency, the Department of Homeland Security (DHS), at the center of the government’s public-private cyber data exchange.

Lawmakers said they've heard the White House does not support the Intelligence Committee's draft.

The administration has released its own legislative proposal and President Obama signed an executive order to further empower the DHS in its cyber info-sharing efforts.

Sen. Tom CarperThomas (Tom) Richard CarperOVERNIGHT ENERGY: Tentative deal would slash global oil production by 10 percent| Democrat questions WH transparency in rollback of bedrock environmental law Democrat questions WH transparency in rollback of bedrock environmental law Overnight Energy: Trump rolls back Obama-era fuel efficiency standards | Controversial Keystone XL construction to proceed | Pressure mounts to close national parks amid pandemic MORE (D-Del.), ranking member on the Senate Homeland Security and Governmental Affairs panel, introduced a version of the White House offering.

The full committee is waiting on Intelligence before moving forward with any cyber info-sharing bill.