Several privacy-bolstering amendments were left out of a contentious information-sharing bill that was approved Wednesday by the U.S. House Intelligence Committee.
The proposed Cyber Intelligence Sharing and Protection Act (CISPA), which supporters say will help the private sector share information about cyber threats with the government without fear of legal consequences, was revived earlier this year by Reps. Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., after being approved by the House last April. It was never taken up by the Senate.
Six amendments were approved and four were rejected in the new, marked-up version of CISPA. The approved amendments include one that calls on the law to "reasonably limit the receipt, retention, use, and disclosure of cyber threat information associated with specific persons that is not necessary to protect systems or networks from cyber threats or mitigate cyber threats in a timely manner."
But critics believe the law in its current form doesn't go far enough to defend users' privacy.
Among the rejected suggestions for CISPA were three amendments offered by Rep. Jan Schakowsky, D-Ill., one of which would have exempted the Department of Defense, the National Security Agency, and all military branches from directly receiving cyber threat intelligence data from private companies.
Another failed amendment from the congresswoman would have given consumers the ability to legally hold companies accountable for misusing their private information. And Schakowsky also wanted the president to select an officer who would establish policies and procedures on the government's “retention, use and disclosure” of shared data.
Rep. Adam Schiff, D-Calif., also proposed an amendment that was shot down. He wanted companies to “make reasonable efforts” to remove any PII before it was shared with the government. While an amendment was passed to minimize the amount of PII stored and used by the government under CISPA, Schiff's more inclusive suggestion was voted against.
On Thursday, Michelle Richardson, a legislative counsel with the American Civil Liberties Union (ACLU), told SCMagazine.com that from a privacy standpoint, the rejected Schiff amendment was “one of the most important.”
“They [should] strip out the PII when that's possible – when it's not directly necessary to understand the threat, so that companies don't get lazy and over share,” Richardson said."