<b><i>Online Extra:</b></i> Up to Senate to Vote on Cybersecurity Legislation

Proponents of the Senate bill say it encourages voluntary sharing of cybersecurity threat information, yet still protects privacy rights and civil liberties, as well as increases liability protection to businesses.

'Information sharing is purely voluntary and companies can only share cyberthreat information and the government may only use shared data for cybersecurity purposes,' Sen. Richard Burr (R-NC), said in an earlier statement endorsing the bill. 'This legislation provides important liability protection for entities that share cyberthreat information '. It further requires that both private and government entities remove personal information prior to sharing. These are protocols which will help minimize the threat to the United States and also ensure that our citizens are less likely to experience the same scale of attacks as we've seen in the Sony and Anthem attacks.'

Recently, the House passed two cybersecurity bills:'Protecting Cyber Networks Act, H.R.1560,'and'National Cybersecurity Protection Advancement Act, H.R. 1731. The House bills may be merged into a single bill.

Still, the House bills generated controversy and U.S. senators may seek additional revisions.

One advocacy group, the Center for Democracy & Technology, said the cybersecurity information sharing bills from the House 'go well beyond authorizing necessary conduct and in fact, authorize dangerous conduct harmful to both security and privacy.' The Protecting Cyber Networks Act 'is as much about surveillance as it is about cybersecurity,' the group added.

When asked for comment, Michael Hindelang, an attorney at Honigman Miller Schwartz and Cohn, explained to e-Commerce Law & Strategy's ALM sibling, Legaltech News, that the House proposals intend to 'create faster and easier information sharing so that cyberthreats can be more readily identified and defended against.' He pointed out, as well, that by limiting liability of companies that share information, and creating a way for information to be shared, 'it is likely that more businesses will share information that they would otherwise keep confidential.'

In addition, the House proposal requires companies to review data and remove personal information that is 'not directly related' to the threat, Hindelang said.

'The information can then be shared with appropriate government and industry groups to prepare their defenses to the threat,' Hindelang adds. 'The information that is disclosed is exempted from government information disclosure requirements.' There are other limitations, too, on how the information can be used.

Still, there is 'some significant opposition' to the House proposal, Hindelang said, and some issues may need to be refined.

Jeffrey Neuburger, an attorney with Proskauer Rose, where he heads the Technology, Media & Communications group, said 'many provisions' in the House bill are 'likely to be challenged by privacy advocates, including the right for private entities to monitor information systems for cybersecurity purposes.' He, too, concluded there is 'controversy' around the proposal and predicts it has an 'uncertain' future.

'How the Senate will treat it remains to be seen,' Neuburger told Legaltech News. In addition, some details were deferred and will likely be developed later.

One supporter of the proposals is the American Bankers Association. 'We ' urge the Senate to move forward soon on the Cyber Information Sharing Act,' a statement from the bankers' group said. 'Implementation of these bills would continue to build upon the existing cybersecurity partnership across sectors, which is critical to protecting our country from these threats.'

Among those critical of the House and Senate bills is the Electronic Frontier Foundation (EFF). For example, the EFF in a'statement'called the Senate bill 'not a cybersecurity, but a surveillance bill.'

'The bill adds a new authority for companies to monitor information systems to protect an entity's hardware or software. ' Broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information ' freely with government agencies like the NSA.'

Ed Silverstein'writes for'Law Technology News,'an ALM sibling of'e-Commerce Law & Strategy.

Following the recent approval by the House of Representatives of two controversial cybersecurity bills, it is now up to the Senate to move forward on its proposal, which would encourage the sharing of cyberthreat information.

The Senate Intelligence Committee has already approved the Cybersecurity Information Sharing Act'(CISA)'(S.754), and it could proceed just by a floor vote, according to a Senate staff member.

So far, it is not clear when the full Senate may vote on the proposal, though enacting some form of cybersecurity legislation appears to be a priority after several well-publicized breaches.

Proponents of the Senate bill say it encourages voluntary sharing of cybersecurity threat information, yet still protects privacy rights and civil liberties, as well as increases liability protection to businesses.

'Information sharing is purely voluntary and companies can only share cyberthreat information and the government may only use shared data for cybersecurity purposes,' Sen. Richard Burr (R-NC), said in an earlier statement endorsing the bill. 'This legislation provides important liability protection for entities that share cyberthreat information '. It further requires that both private and government entities remove personal information prior to sharing. These are protocols which will help minimize the threat to the United States and also ensure that our citizens are less likely to experience the same scale of attacks as we've seen in the Sony and Anthem attacks.'

Recently, the House passed two cybersecurity bills:'Protecting Cyber Networks Act, H.R.1560,'and'National Cybersecurity Protection Advancement Act, H.R. 1731. The House bills may be merged into a single bill.

Still, the House bills generated controversy and U.S. senators may seek additional revisions.

One advocacy group, the Center for Democracy & Technology, said the cybersecurity information sharing bills from the House 'go well beyond authorizing necessary conduct and in fact, authorize dangerous conduct harmful to both security and privacy.' The Protecting Cyber Networks Act 'is as much about surveillance as it is about cybersecurity,' the group added.

When asked for comment, Michael Hindelang, an attorney at Honigman Miller Schwartz and Cohn, explained to e-Commerce Law & Strategy's ALM sibling, Legaltech News, that the House proposals intend to 'create faster and easier information sharing so that cyberthreats can be more readily identified and defended against.' He pointed out, as well, that by limiting liability of companies that share information, and creating a way for information to be shared, 'it is likely that more businesses will share information that they would otherwise keep confidential.'

In addition, the House proposal requires companies to review data and remove personal information that is 'not directly related' to the threat, Hindelang said.

'The information can then be shared with appropriate government and industry groups to prepare their defenses to the threat,' Hindelang adds. 'The information that is disclosed is exempted from government information disclosure requirements.' There are other limitations, too, on how the information can be used.

Still, there is 'some significant opposition' to the House proposal, Hindelang said, and some issues may need to be refined.

Jeffrey Neuburger, an attorney with Proskauer Rose, where he heads the Technology, Media & Communications group, said 'many provisions' in the House bill are 'likely to be challenged by privacy advocates, including the right for private entities to monitor information systems for cybersecurity purposes.' He, too, concluded there is 'controversy' around the proposal and predicts it has an 'uncertain' future.

'How the Senate will treat it remains to be seen,' Neuburger told Legaltech News. In addition, some details were deferred and will likely be developed later.

One supporter of the proposals is the American Bankers Association. 'We ' urge the Senate to move forward soon on the Cyber Information Sharing Act,' a statement from the bankers' group said. 'Implementation of these bills would continue to build upon the existing cybersecurity partnership across sectors, which is critical to protecting our country from these threats.'

Among those critical of the House and Senate bills is the Electronic Frontier Foundation (EFF). For example, the EFF in a'statement'called the Senate bill 'not a cybersecurity, but a surveillance bill.'

'The bill adds a new authority for companies to monitor information systems to protect an entity's hardware or software. ' Broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information ' freely with government agencies like the NSA.'

Ed Silverstein'writes for'Law Technology News,'an ALM sibling of'e-Commerce Law & Strategy.