A U.S. House committee on Thursday approved a bill that would give the federal government authority to share classified cyber threat information with American companies and allow businesses to share information about threats with others in the private sector.
The bi-partisan Cyber Intelligence Sharing and Protection Act was approved by the House Intelligence Committee by a 17 to 1 vote, according to Bloomberg.
The legislation will enable American businesses to better protect their computer networks and intellectual property from cyber attacks, one of the co-sponsors of the legislation said Wednesday.
"Economic predators, including nation-states, are blatantly stealing business secrets and innovation from private companies," said House Intelligence Committee Chairman Mike Rogers, a Michigan Republican who introduced the legislation along with Dutch Ruppersberger, a Maryland Democrat who serves as a ranking member on the committee. "It will empower participating businesses to share cyber threat information with others in the private sector and enable the private sector to share information with the government on a voluntary basis."
Verizon Communications is among the companies that supports the bill.
"Coordination and information-sharing are now accepted – and expected – practices in preventing crimes that seek to damage critical infrastructure, such as communications networks," said Peter Davidson, Verizon senior vice president for federal government relations, in a statement. "This legislation enables private sector entities to defend their and their customers’ networks, allows them to share cyber-threat data with others in the private sector and the U.S. Government, and improves our nation’s ability to identify and mitigate cyber threats before they can do damage."
The legislation faces opposition from the American Civil Liberties Union, which has raised privacy concerns.
"The Cyber Intelligence Sharing and Protection Act would create a cybersecurity exception to all privacy laws and allow companies to share the private and personal data they hold on their American customers with the government for cybersecurity purposes," the ACLU wrote in a letter to Reps. Rogers and Ruppersberger. "The bill would not limit the companies to sharing only technical, non-personal data. Instead, it would give the companies discretion to decide the type and amount of information to turn over to the government."
The ACLU also expressed concern that the companies would receive full liability protection under the legislation if they shared the information in good faith compliance with the bill even if they committed an "egregious" privacy breach.