After a series of spectacular cyber attacks on companies like Sony, Anthem and Target, Congress is pushing forward a bill to increase data sharing about security and hacks between private companies and the federal government.
The proposals address concerns from the business community that sharing data with the government could open them up to litigation from consumers; the companies that share data would be granted immunity.
The bills also address privacy concerns by requiring companies and government to try to scrub personally identifying information from the data. But that doesn’t mean all the right information will be scrubbed.
“What we have seen in the surveillance context is the procedures don’t actually protect privacy,” says Mark Jaycox, legislative analyst with the Electronic Frontier Foundation.
Matt Blaze, professor of computer science at the University of Pennsylvania, says the focus on data sharing was “baffling” and it would be better to encourage better security practices. “These systems are very weak to begin with,” he says.
And the version passed by the House Intelligence Committee would hand that shared data over to the NSA and parts of the Department of Defense, according to Gregory Nojeim, senior counsel at the Center for Democracy & Technology.
That, Nojeim says, could discourage data sharing because some big tech companies have promised not to fork over users’ data writ large to the government.
That same House Intelligence Committee version also permits data obtained to be used in criminal prosecutions, according to Nojeim. If both the Intelligence Committee and a competing version from the Homeland Security Committee pass, it will be up to House leadership to decide which elements make it into the final version.