A bill designed to improved cyber security in the US by allowing more information-sharing between companies and the government has been approved by a leading security committee.
But some have voiced concerns that the legislation could be misused by the government to help it once again gather data on innocent citizens.
The US Senate Select Committee on Intelligence voted 12-3 to approve the Cybersecurity Information Sharing Act. The bill was co-authored by committee chairman and Democrat Dianne Feinstein, who said it was a vital step in improving national security.
“Cyber attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing,” she said.
“Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks. This bill is an important step toward curbing these dangerous cyber attacks.”
Chiefly the bill is designed to make it easier for companies to legally share information relating to cyber security threats with one another and the government, as the nation looks to stop attacks damaging its economy, after a spat of recent attacks, such as on retailer Target in 2013.
Feinstein added: “To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them. This bill provides for that sharing through a purely voluntary process and with significant measures to protect private information.”
The other author of the bill, Republican and vice chairman of the Committee Saxby Chambliss, agreed with these assessments, explaining that the threat faced by firms of all sizes warranted the bill. “It is past time for Congress to address the global cyber threat facing our nation,” he said.
“American businesses are attacked daily by criminals seeking trade secrets or customers’ credit card information, while the government defends our systems against cyber attacks from criminal organisations, nation states and terrorists seeking to harm and kill Americans.”
However, Democrat senators Ron Wyden and Mark Udall who voted against the bill said they were concerned that the new legislation could be abused to spy on citizens, especially in light of revelations around the NSA’s surveillance tactics.
“We have seen how the federal government has exploited loopholes to collect Americans’ private information in the name of security. The only way to make cyber security information-sharing effective and acceptable is to ensure that there are strong protections for Americans’ constitutional privacy rights,” they said.
“Without these protections in place, private companies will rightly see participation as bad for business. We are concerned that the bill lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cyber security.”
The bill must now pass through the full Senate to become law. The House of Representatives has already backed the bill, with leaders of the House Intelligence Committee, Mike Rogers of Michigan and Dutch Ruppersberger of Maryland, urging the Senate to see it through.
“This bill, like the House version, allows American companies to better protect their networks from the daily onslaught of damaging cyber attacks,” they said.
“These attacks cost our country billions of dollars through the loss of jobs and intellectual property. We are confident that the House and the Senate will quickly come together to address this urgent threat and craft a final bill that secures our networks and protects privacy and civil liberties.”
However, the Center for Democracy and Technology also voiced concern with the bill, suggesting none of the lessons from 2013’s spying revelations had been learned, as Gregory Nojeim, a spokesman for the organisation, wrote in a detailed blog post.
“As best we can tell, the bill addresses none of the Snowden revelations about NSA surveillance, and addressing them should be a pre-requisite to advancing cyber security legislation,” he wrote. “Instead, it would funnel more private communications and communications information to the NSA.”