Major cyber security legislation tucked into U.S. spending billReprints
(Reuters) — Companies that share data with the U.S. government for cyber security purposes will get more protection from consumer lawsuits under a measure piggybacked onto a massive federal spending bill unveiled in Congress on Wednesday.
The cyber security proposal, widely supported by the business community, amounts to Congress' first major policy response to hacking attacks of the sort that have hit Target Corp., Home Depot Inc., JPMorgan Chase & Co. and Sony Pictures Inc., as well as several government agencies.
Information-sharing legislation has failed in Congress for years amid privacy advocates' concerns about broadening the surveillance of U.S. citizens by giving more data to the National Security Agency, the government's electronic snooping department.
As an add-on to a must-pass, $1.15-trillion spending bill, the proposal was seen as likelier to become law before the end of the year. Both the Senate and House easily passed versions of the bill earlier this year.
The House was slated to vote on the spending package on Friday. If approved as expected, it would then go to the Senate.
The proposal would widen protections from privacy lawsuits for companies that voluntarily share cyber threat data with the government through the Department of Homeland Security. The data includes IP addresses and routing information that the bill's backers say could be useful in spotting or blocking computer intrusions.
Ann Beauchesne, senior vice president of the U.S. Chamber of Commerce, applauded the legislation as crucial “to help businesses better protect against cyber attacks.”
Rep. Adam Schiff, the top Democrat on the House Intelligence Committee, said the bill required personally identifiable information to be stripped out before companies share any computer code with the government. He said the liability protections would be narrowly applied to those that participate in the voluntary data-sharing program.
Many privacy advocates remain unconvinced the program will be effective and assailed the process of using a government spending bill to attach a policy rider.
“This 'cybersecurity' bill was a bad bill when it passed the Senate and it is an even worse bill today,” Sen. Ron Wyden, an Oregon Democrat, said Wednesday in a statement, adding that it lacked “real, meaningful privacy protections.”