With the blessing of powerful financial industry proponents — and under criticism from privacy advocates — a cyber security bill that amends previously proposed legislation has passed the Senate Intelligence Committee in a 12 to 3 vote.
The Cybersecurity Information Sharing Act of 2014, sponsored by Sen. Diane Feinstein (D-Calif.) and Sen. Saxby Chambliss (R-Ga.) relies on the federal government and the private sector to voluntarily share information on cyber threats, which its detractors contend will result in information flowing mostly one way — from private industry to government agencies like the National Security Agency (NSA).
Committee Chairwoman Feinstein, in a press release, lauded the Senate's bipartisan effort to pass an “important piece of information” following what she called “a tumultuous year in intelligence."
Among other things, the bill authorizes funding for counterterrorism, collection of intelligence on critical threats and advance IT infrastructure and compels the general counsel of an intelligence agency to alert congressional intelligence committees to significant legal interpretation of the Constitution or federal law regarding intelligence activities.
It also requires the attorney general to set up a process to regularly review official publication of Justice Department Office of Legal Counsel opinions and provides for whistleblower protections for intelligence personnel.
If it becomes law, CISA 2014 will ensure measures to protects the identities of intelligence community employees from disclosure through the Freedom of Information Act.
In a statement issued after the committee gave the bill the nod, two members who cast nay votes, Democratic Senators Ron Wyden of Oregon and Mark Udall of Colorado issued a statement that warned, “We have seen how the federal government has exploited loopholes to collect Americans' private information in the name of security. Without these protections in place, private companies will rightly see participation as bad for business.”
Last week, a group of 22 privacy advocates made much the same argument in a letter to the committee.
Implying that the bill didn't address concerns raised in the aftermath of the spying scandal at the NSA, which they say had “engaged in questionable cybersecurity practices,” the organizations agreed that the legislation didn't include the proper protections on personally identifiable information (PII) or set appropriate boundaries for information-sharing.
Indeed, in an analysis released prior to the Senate committee vote, the Center for Democracy & Technology voiced those criticisms and expressed concern that bill “authorizes broadly-defined cybersecurity countermeasures and provides a good faith defense against claims that a countermeasure unlawfully damaged a network or stored information, encouraging reckless conduct that runs counter to the cybersecurity purpose of the bill.”