Leaders of the Senate Intelligence Committee have reached a compromise on legislation to help protect the country’s cyber networks and will formally introduce the bill shortly, they said Wednesday.
The bill from Committee Chairwoman Dianne FeinsteinDianne Emiel FeinsteinWhat's that you smell in the Supreme Court? New variant raises questions about air travel mandates Progressive groups urge Feinstein to back filibuster carve out for voting rights or resign MORE (D-Calif.) and ranking member Saxby ChamblissClarence (Saxby) Saxby ChamblissFormer Georgia Sen. Max Cleland dies at 79 Effective and profitable climate solutions are within the nation's farms and forests Live coverage: Georgia Senate runoffs MORE (R-Ga.) would allow companies to share more information with each other about cyber threats.
“We have worked together for months to draft a bill that allows companies to monitor their computer networks for cyber attacks, promotes sharing of cyber threat information and provides liability protection for companies who share that information,” the senators said in a joint statement on Wednesday.
“After reaching agreement on draft legislation, we circulated that draft bill language to relevant parties in the executive branch, private industry and the privacy community for comment,” they added. “Once those comments are returned, which we hope will happen quickly, we will consider the final legislation.”
Companies have said current law makes it too difficult for them to share information, which prevents them from collaborating to stop cyber threats. Firms have feared they could be held liable if they release information that showed an internal flaw that could have been fixed, for instance, or that industry discussions could amount to collusion that would draw the eyes of federal regulators.
Earlier this month, the Justice Department and Federal Trade Commission tried to quell some of those fears by announcing that they would not consider discussions about anti-hacking efforts a violation of antitrust laws.
But people across the business and government spectrum say legislation is still needed.
Lawmakers have long sought legislative measures to better protect the country’s cyber infrastructure, out of fear that a “cyber Pearl Harbor” could devastate the country.
The Senate last took on a major cybersecurity bill in 2012, but the effort failed to overcome a filibuster from Republicans wary of aggressive government regulation.
The new Senate bill faces a steep climb, as Congress is also weighing multiple efforts to reform surveillance at the National Security Agency and is staring down the barrel of November’s midterm elections.
The legislation would complement a measure passed by the House last year, called the Cyber Intelligence Sharing and Protection Act (CISPA).
That bill, from House Intelligence Committee Chairman Mike Rogers (R-Mich.) and top Democrat Dutch Ruppersberger (Md.), received pushback from civil liberties activists, who have said it would undermine privacy laws and allow companies to send data to government arms like the NSA or the Department of Homeland Security.
President Obama threatened to veto CISPA over those concerns. In a statement at the time, the White House said the bill “does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities.”
A tech industry lobbying working on the bill said that Feinstein and Chambliss seemed to have “insulated themselves to a certain degree from those criticisms” with the new bill, by making some of the definitions “a lot tighter,” narrowing the scope.
But Gabe Rottman, a policy advisor at the American Civil Liberties Union, said that his organization wasn’t satisfied.
"There aren’t enough checks to prevent sharing with military and intelligence bodies, [so] there’s concern that it could be an end run around the checks on undue surveillance," he said.
“Certainly in light of all of the bulk mass surveillance revelations, I think that there’s going to be a significant debate over this,” he added.
Rogers and Ruppersberger applauded the Senate’s action on Wednesday, and said in a joint statement that the “vital legislation” would help defend the country.
“Private hackers and countries like China, Russia and Iran pose a serious threat to American companies, networks and critical infrastructure,” they said. “The House has already passed its cyber security legislation, and Congress as a whole must act to give these companies the help they need to defend their networks and our economic prosperity.”
Despite the potential for a standoff, the Senate effort is a sign of progress, people involved with the issue said.
Jot Carpenter, the vice president of government affairs at the wireless trade group CTIA, said that he was pleased to see a “renewed focus” on information sharing and liability protection.
“While the draft isn't perfect, it would be great to see it move forward and get us to the point where it can be married up with the bipartisan Rogers-Ruppersberger legislation the House approved last year,” he said in a statement emailed to The Hill.
This story was updated at 4:13 p.m.