http://news.yahoo.com/cybersecurity-senate-poised-pass-bill-push-sharing-175112330--finance.html#
WASHINGTON (AP) — The Senate passed a bill Tuesday aimed at improving cybersecurity by encouraging companies and the government to share information about threats. It took roughly six years to win approval for such a program.
The
Senate rejected amendments, including one addressing concerns that
companies could give the government personal information about their
customers. Another failed amendment would have eliminated part of the
bill that would keep secret information about which companies
participate and what they share with the government.
The bill's
co-sponsors, Sens. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C.,
said the measure was needed to limit high-profile cyberattacks, such as
the one on Sony Pictures last year."From the beginning we committed to make this bill voluntary, meaning that any company in America, if they, their systems are breached, could choose voluntarily to create the partnership with the federal government. Nobody's mandated to do it," Burr said.
Companies
would receive legal protections from antitrust and consumer privacy
liabilities for participating in the voluntary program.
Sen. Ron Wyden, D-Ore., who opposed the bill, offered an amendment addressing privacy concerns, but it failed to pass. It would have required companies to make "reasonable efforts" to remove unrelated personal information about their customers before providing the data to the government.
"You just can't hand it over," Wyden said. "You've got to take affirmative steps, reasonable, affirmative steps, before you share personal information."
Senators also rejected an amendment Sen. Patrick Leahy, D-Vt., had offered that would have removed a provision to keep secret more information about materials that companies provide to the government. Leahy criticized the bill's new exemption from the U.S. Freedom of Information Act as overly broad because it pre-empts state and local public information requests, and it was added without public debate.
The
Sunshine in Government Initiative, a Washington organization that
promotes open government policies, urged the Senate last week to support
Leahy's amendment. The AP is one of at least nine journalism groups
that are members of the organization.
Despite the lengthy road to pass the Senate bill, it's unclear
whether it would improve Internet security. Participation is voluntary
and companies have long been reluctant to tell the U.S. government about
their security failures.
"Passing
the bill will have no effect on improving cybersecurity," said Alan
Paller, director of research for the SANS Institute. "That's been
demonstrated each time sharing legislation has been passed. The cost to
companies of disclosing their failings is so great that they avoid it
even if there is a major benefit to them of learning about other
peoples' failings."
Senators passed an amendment by Sen. Jeff Flake, R-Ariz., that limited the bill to 10 years.Cyberattacks have affected an increasing number of Americans who shop at Target, use Anthem medical insurance or saw doctors at medical centers at the University of California, Los Angeles.
More than 21 million Americans recently had their personal information stolen when the Office of Personnel Management was hacked in what that the U.S. believes was a Chinese espionage operation.
Sen. John McCain, R-Az.,
chairman of the Senate Committee on Armed Services, called the bill's
passage an important first step. He noted that in the past year the
United States has been attacked in cyberspace by Iran, North Korea,
China and Russia and that there had been attacks against the Joint
Chiefs of Staff, the Pentagon, OPM and an email hacking of the director
of the Central Intelligence Agency.
The
U.S. and the technology industry already operate groups intended to
improve sharing of information among the government and businesses,
including the Homeland Security Department's U.S. Computer Emergency
Readiness Team.
"What this
bill means is more internet users' personal information being funneled,
will be directed to, the National Security Agency under a cybersecurity
umbrella," said Greg Nojeim, senior counsel for the Center for Democracy
and Technology, a Washington-based civil liberties group. "A company
can't both participate in this program and promise its users that it
will not volunteer their personal information to the NSA."
Presidential
candidates Sen. Bernie Sanders, I-Vt., and Rand Paul, R-Ky., had
opposed the bill, although Paul and fellow presidential candidates Sens.
Ted Cruz, R-Texas; Marco Rubio, R-Fla., and Lindsey Graham, R-S.C.,
each did not vote Tuesday. The White House has said it supports the
information-sharing bill.
0 comments:
Post a Comment