US cyber information sharing bill sparks privacy concerns

The US Senate will consider a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government, without concern about lawsuits. 

The bill also mandates that information shared with the US government agencies is passed on to the NSA and law enforcement officers in some circumstances, regardless of why the threat information was shared in the first place. 

A number of tech companies have come out against the measure in its current form, arguing it fails to protect users' privacy and does too little to prevent cyber attacks.  

The Computer and Communications Industry Association, a trade group representing Facebook and Google, last week said it opposed the law as it currently stands.  

"CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government," CISA said. 

"In addition, the bill authorises entities to employ network defence measures that might cause collateral harm to the systems of innocent third parties." 

Mozilla also criticised the proposed law for being overly broad in scope and allowing "information to be shared automatically between civilian and military agencies including the NSA". 

"The lack of meaningful provisions requiring companies to strip out personal information before sharing with the government, problematic on its own, is made more egregious by the real-time sharing, data retention, lack of limitations, and sweeping permitted uses envisioned in the bill," Mozilla said. 

Other tech companies, including Twitter and Yelp, have issued similar concerns about the proposed bill. 

The US House of Representatives passed its version of the bill in April, and senators have so far offered more than 20 amendments. 

Any version of CISA passed by the Senate would have to be reconciled with the House bill before it could be sent to US President Barack Obama to sign into law.