📷 Key players Meteor shower up next 📷 Leaders at the dais 20 years till the next one
WASHINGTON
Health insurance

House intel leaders unveil cyber-security bill

Erin Kelly
USA TODAY
Sony Pictures Plaza building in Culver City, Calif.

WASHINGTON — Leaders of the House Intelligence Committee unveiled a bipartisan bill Tuesday that would make it easier for private companies to share cyber-threat information with the government to thwart attacks by hackers.

The bill contains stronger privacy protections than previous legislation, said Chairman Devin Nunes, R-Calif., and Rep. Adam Schiff, D-Calif., who introduced the bill and have scheduled a committee vote for Thursday.

"We're trying to do everything we can to protect civil liberties while protecting our cyber networks," Nunes said at a press briefing.

The Protecting Cyber Networks Act specifically states that it does not authorize the Department of Defense, the National Security Agency nor any other part of the intelligence community to target a person for surveillance.

Instead, the bill aims to give government agencies the ability to see how a hack occurred and take action to prevent more attacks.

Prep for the polls: See who is running for president and compare where they stand on key issues in our Voter Guide

Companies would report cyber threats to civilian agencies rather than to the NSA or the Defense Department. The NSA, which is part of the Defense Department, is viewed with suspicion by privacy advocates because of its mass collection of the phone records of millions of Americans.

The bill also makes the federal government liable for violations of privacy and civil liberties, and allows citizens who believe their privacy has been violated to seek damages from the government in court.

Nunes said the bill could reach the House floor in April.

A spokesman for the American Civil Liberties Union said the bill appears to be an improvement over earlier versions of the legislation offered in previous sessions of Congress. But he said it still does not go far enough to protect Americans' privacy.

"Based on our very quick read, it does look like the House Intelligence Committee has attempted to at least sprinkle in some new privacy provisions in its version of the bill," said Gabe Rottman, legislative counsel for the ACLU. "But simply saying something protects privacy doesn't abracadabra make it so."

Although companies would share information with civilian agencies, those agencies could still turn over information to the Pentagon or the NSA, the ACLU and other groups point out.

"This bill could still unnecessarily send private information to spy agencies and the military who can then use it broadly for purposes beyond cyber-security," Rottman said. "We need to shore up our existing privacy laws before creating entirely new loopholes."

The ACLU and other privacy advocates have called on Congress to first pass legislation to end the NSA's mass collection of phone data from millions of Americans who are not suspected of terrorist activities or any other crime. Congress is facing a June 1 deadline to decide whether to scrap that program, renew it, or extend it with changes. The program was revealed to the public in June 2013 by former NSA contractor Edward Snowden.

The cyber-security bill announced Tuesday is similar to one passed earlier this month by the Senate Intelligence Committee. Both bills offer liability protection to companies to shield them from lawsuits that could arise from the sharing of business records with the government and with one another. Businesses have been reluctant to tell the government about cyber attacks because of their fear of lawsuits from consumers or privacy groups.

One key difference between the two bills is that the Senate bill requires any information shared by private companies to first go through the Department of Homeland Security. The House bill would allow companies to share their cyber-threat information with any civilian agency. A bank, for example, could go straight to the Treasury Department for help.

Nunes and Schiff said they have briefed the business community, privacy advocates, other House and Senate committee leaders, and the White House on their bill and are optimistic they will receive broad support. Nunes said support from the White House is key for the bill to succeed.

"If (the White House) issue a veto threat or says anything bad about the bill, it's dead," Nunes said. The White House is still reviewing the bill and is expected to provide feedback to the committee soon, committee aides said.​​

Schiff, a strong privacy proponent and the committee's senior Democrat, said he doubted privacy advocates would be completely satisfied with the new bill, but hoped they would be pleased by the improvements. Both Schiff and Nunes said they expect to make changes to the legislation before a final bill is approved by both chambers of Congress.

"We're light years ahead of where we were last session," Schiff said, referring to the strengthened privacy protections.

The bill authorizes companies to engage in defensive measures to protect their networks but does not allow them to "hack back" against cyber criminals.

Congress has been trying to pass a cyber-security bill for about five years. The U.S. Chamber of Commerce and other business groups have been pushing Congress to take action to help them stop cyber attacks. Lawmakers have made the legislation a priority in the wake of recent high-profile hack attacks against Sony Pictures, Target , JPMorgan Chase and Anthem health insurance company.

Follow @ErinVKelly on Twitter

Featured Weekly Ad