The Senate Intelligence Committee will soon reintroduce its cybersecurity information sharing bill to meet the digital security challenge made to Congress by President Barack Obama, but privacy and civil liberties groups are once again criticizing the potential of the bill to enable broader government surveillance.

The Cybersecurity Information Sharing Act, which has been circulating among the members of the Senate committee in draft form, would allow legal liability to help companies share information about digital threats with intelligence agencies to prevent attacks against networks.



Obama has used executive orders to incentivize companies to share information about data breaches and hacks with government, including by encouraging the creation of organizations to analyze this data, but called upon Congress to match these efforts with cybersecurity legislation.

Members of Congress, however, have failed to pass a comprehensive cybersecurity bill in recent years because of concerns that it would damage consumer privacy – and this latest attempt faces the same challenge.

According to a letter signed by 26 civil society organizations and 22 security experts and published by the Center for Democracy and Technology, the latest data sharing bill endangers privacy by enabling the National Security Agency to access personal information shared with the government, failing to strip out data that identifies users and giving law enforcement broad license on how it uses the data.

“Automatic sharing with NSA risks not only privacy, but also effectiveness,” the letter reads. “During a recent House Intelligence Committee hearing, NSA Director Admiral Mike Rogers stated that sharing threat indicators without filtering out personal data would slow operations and negatively impact NSA’s cyber defense activities.”

By enabling broad powers and broad information sharing ability the bill would act as a kind of “cyber-surveillance,” Robyn Greene, policy counsel with the Open Technology Institute, wrote in a recent blog post.

