Cyber data-sharing shield may be part of big U.S. spending billReprints
(Reuters) — Companies that share cyber data with the U.S. government in its fight against hackers would get broadened legal immunity, under a precedent-setting proposal likely to become part of a major spending bill being developed in Congress, sources close to the negotiations said on Tuesday.
If added to the $1.15 trillion spending package, the cyber security proposal would amount to the first serious attempt by Congress to combat the rising threat of debilitating hacks from foreign nation-states and malicious actors that have hit a growing number of businesses and government agencies in recent years.
The spending bill must be approved within days to keep the U.S. government from shutting down and lawmakers were scrambling to attach a host of non-spending related policy riders to the fast-moving measure.
No agreement on the cyber immunity proposal has been finalized, sources cautioned.
The proposal would broaden protections from privacy lawsuits to companies that voluntarily share cyber-threat data with the government through the Department of Homeland Security. That kind of data includes IP addresses and routing information that could be useful in spotting or blocking malicious intrusions and is meant to be scrubbed of personally identifiable information under the legislation.
Privacy advocates and some technology experts have said that more information sharing could mean more government surveillance by the National Security Agency and other spying agencies.
Information-sharing legislation has languished in Congress for years, but different versions easily passed both the Senate and House earlier this year.
According to an undated Obama administration memo seen by Reuters, the White House has been urging Congress to adopt language excluding “unnecessary prohibition” on direct sharing of data with the NSA or other military or intelligence agencies.
Some accused the administration of lobbying for changes to the legislation inconsistent with prior public statements.
The administration declined to comment on the specifics of congressional negotiations, but a senior official said the White House was hopeful lawmakers would “send cybersecurity legislation to the president’s desk as soon as possible.”