Despite privacy protests, the House of Representatives has today passed a controversial cybersecurity bill making it easier for companies to share cyber-threat information with the government and thwart hacks by criminals, terrorists and rogue nations.
The Protecting Cyber Networks Act was approved by lawmakers on a 307-116 bipartisan vote
This was the first action in the new Congress in response to recent high-profile cyber attacks that have included Sony Pictures, Home Depot, JPMorgan Chase, Target, Anthem health insurance, the State Department and the White House.
Privacy advocates are concerned that sharing cyber threat information with the government will give surveillance agencies even more access to citizens’ personal information.
The Senate will next have to approve the bill before it lands on the desk of Pres. Barack Obama, and an autograph from the commander in chief would make it so that firms aren’t liable for the threat info shared with the feds.
“At some point, we need to stop just hearing about cyber attacks that steal our most valuable trade secrets and our most private information, and actually do something to stop them,” Rep. Adam Schiff (D-Ca.) , the committee’s ranking Democrat, said on the House floor.
PCNA’s authors cited the recent high-profile cases of hackers breaching the security of Sony, Target, healthcare provider Anthem, JP Morgan Chase and the State Department, as justification for the new law.
According to the House Intelligence Committee handout, the bill allows for voluntary sharing of information with the government “so companies can better protect their networks and their customers’ private information from hackers and other bad actors.” The government would be required to eliminate all unnecessary personal identification information (PII), and in addition to cybersecurity, the only other uses for the information would be investigations into death threats, espionage, “serious violent felonies” such as rape and kidnapping, and child pornography.
The measure is supported by a wide array of business and financial interests, including the U.S. Chamber of Commerce.
Privacy advocates counter that the PCNA shares the same flaws as the stalled Cybersecurity Information Sharing Act (CISA), which it is reportedly based on. PCNA would “enhance cyber-surveillance while threatening to undermine cybersecurity,” argued Robyn Greene of the Open Technology Institute.