A new cybersecurity bill cleared a crucial Senate committee yesterday, paving the way for a full Senate vote. Dubbed the Cybersecurity Information Sharing Act of 2015, the bill has already drawn criticism from privacy advocates as enabling corporate surveillance, although proponents call it a necessary measure for managing the growing number of digital threats facing businesses online. Similar cybersecurity legislation has failed in Congress before under similar circumstances, most notably CISPA in 2011. It's unclear whether the White House will endorse the legislation, although it has proposed similar cybersecurity measures in the past.
Crucially, all of the information shared under the new bill will be volunteered by companies: the bill establishes ground rules for sharing threat information, but doesn't require companies to use it. There are also provisions against retaliatory hacking, introduced out of concern that well-meaning targets might inflict further damage in reaction to an attack. Still, many are still worried about the implications of the bill, particularly Senator Ron Wyden (D-OR), the sole member of the intelligence committee to vote against the bill. "If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill – it’s a surveillance bill by another name," Wyden wrote in a response to the bill. "I am concerned that the bill the US Senate Select Committee on Intelligence reported today lacks adequate protections for the privacy rights of American consumers."