Cyber bill's progress shows shifting mood on threats

A bill that would push companies into sharing information about hacking threats with the US government passed the House of Representatives on Wednesday, in a victory for the Obama administration's main proposal for dealing with growing cybersecurity threats.

The strong bipartisan support for the bill in the House contrasts with the fate of a similar proposal two years ago which was dropped in Congress amid privacy concerns surrounding Edward Snowden's revelations about National Security Agency surveillance.

The politics around the information-sharing idea have shifted in recent months in part because of a series of major security breaches suffered by companies such as Sony and Anthem, as well as the federal government.

The House passed the bill in a 307-116 vote, and a similar bill has already passed the committee stage in the Senate. If final legislation is approved by both houses of Congress, it would represent Washington's most decisive response to rising cyber-threats.

The idea behind the bill is to encourage companies to share information about attacks by hackers with other companies and with federal authorities, who can then compile a more complete picture of the emerging threats and potentially warn other vulnerable parties.

As companies feared potential lawsuits from customers for sharing information with the government, the bill provides them with legal liability protections.

"Businesses across the country are being cyber-attacked billions of times a day," said Adam Schiff, the leading Democrat on the House intelligence committee. "Our bill will ensure that we have the tools to address these attacks by enabling voluntary information sharing of cyberthreats."

The Obama administration has strongly encouraged Congress to pass legislation on information-sharing but has also at times complained that certain bills do not do enough to protect the privacy of customers whose information might end up being handed over to the government. Amid a fierce backlash two years ago over the privacy implications of a previous information-sharing bill, the White House threatened to use its veto.

In a statement on Tuesday, the White House said that the House bill had "improved significantly" but that it still had concerns about the "sweeping liability protections".

Defenders of the bill say that it would effectively allow companies to hand over to authorities the code for suspicious malware, rather than incriminating information about individuals.

However, earlier this week a group of 55 civil rights groups and academics wrote to Congress calling for House members to vote against the bill, which they said would "require federal entities to automatically disseminate to the NSA all cyber threat indicators they receive, including personal information about individuals". They added that the bill would allow law enforcement to use the information to investigate crimes that had nothing to do with cybersecurity.

Another information-sharing bill has already been approved by the House Homeland Security committee. The full House is expected to vote on it later this week, when it will be merged with the text that passed on Tuesday and taken to a conference with the Senate to force a final piece of legislation.

© The Financial Times Limited 2015. All rights reserved.
FT and Financial Times are trademarks of the Financial Times Ltd.
Not to be redistributed, copied or modified in any way.
Euro2day.gr is solely responsible for providing this translation and the Financial Times Limited does not accept any liability for the accuracy or quality of the translation