The Washington Post

Senate intelligence panel leaders draft cyber legislation

Members of the Senate Intelligence Committee are drafting cyber legislation that would enable companies to share threat data with federal agencies without fear of getting sued, officials said Monday.

Efforts to move comprehensive legislation in this area have failed in recent years, with a bill to establish security standards and ease data sharing going down to defeat in 2012. Recent disclosures about ties between the National Security Agency and telecommunications firms have made it even more difficult to advance legislation that would call for the sharing of data between the government and the private sector.

The House has twice passed information-sharing-only bills — most recently last year — but the Senate has not been able to reach a consensus on the issue.

Still, senior intelligence and military officials recently have renewed calls for legislative action, citing the threat of cyberattacks.

The new, 39-page draft bill, written by Sen. Dianne Feinstein (D-Calif.), chairman of the intelligence committee, and Sen. Saxby Chambliss (Ga.), the ranking Republican, states that no lawsuit may be brought against a company for sharing threat data with “any other entity or the federal government” to prevent, investigate or mitigate a cyberattack.

Protection from lawsuits has been a key demand from industry officials and a point of contention for privacy advocates, who have argued that such an exemption could expose consumers’ data to potential government abuse or even encourage firms that have been hacked to go on the offensive.

In 2012, the advocates persuaded the committee to specify that the threat data could be shared only with a civilian agency. But the new draft leaves open the possibility that data could be sent directly to military or intelligence agencies.

The bill is prompting objections from civil liberties advocates, who say the legislation in its current form is too sweeping.

“This is definitely a step back,” said Gabe Rottman, legislative counsel and policy adviser for the American Civil Liberties Union, who was shown a copy of the draft. “The problem is the definitions of what can be shared and who it can be shared with are too broad. In this draft, companies can share data with the military and the NSA. Given the past revelations, I think it’s important to keep this information in civilian hands.”

A committee aide said staff members were seeking comment so that senators can consider revisions before any formal consideration of the legislation. The bill also would enable the government to share cyberthreat data with industry.

The draft states that information may be shared that “indicates, describes or is necessary” to identify a software vulnerability, computer intrusion or attack. Although it says that personal information should be stripped out before the data are passed on to the government, if the personal information is not “directly related” to the attack, the looseness of the language and the real-time nature of data sharing leave room for error, privacy advocates said.

They also expressed concern that the data could be used not just for cybersecurity but also for foreign intelligence, counterintelligence or law enforcement aims.

Adm. Michael S. Rogers, the director of the NSA and head of the U.S. Cyber Command, said at his confirmation hearing in March that liability protection was “a critical element” of any cyber bill. Rogers, who was confirmed March 31, said such legislation “is a key for our future.”

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.

The Freddie Gray case

Please provide a valid email address.

You’re all set!

Campaign 2016 Email Updates

Please provide a valid email address.

You’re all set!

Get Zika news by email

Please provide a valid email address.

You’re all set!
Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.