The Senate Intelligence Committee is pushing forward what some are calling a replacement for the Cyber Intelligence Sharing and Protection Act called the "Cybersecurity Information Protection Act" (CIPA). The bill offers many of the same solutions and shortcomings of the CISPA bill that the internet fought so hard to kill last year. The bill written by Senate Intelligence Chair Dianne Feinstein (D-Calif.) and Sen. Saxby Chambliss (R-Ga.) will be up for consideration before the committee next week, according to Feinstein.
"The bill incentivizes the sharing of cybersecurity threat information between the private sector and the government and among private sector entities," Feinstein's office said in a press release. "It responds to the massive and growing threat to national and economic security from cyber intrusion and attack, and seeks to improve the security of public and private computer networks by increasing awareness of threats and defenses."
The bill allows the federal agencies to trade or share classified "cyber threat" information with private companies in exchange for companies voluntarily sharing its users' data.
The sharing that the bill allows includes local, state, and federal law enforcement that is related to any sort of criminal activity. The vagueness of the bill could allow the police to skip the process of getting court orders to set up a wiretap, according to some civil liberties groups.
"This very broad criminal purpose creates the possibility that cybersecurity information sharing becomes a backdoor wiretap, because law enforcement would be receiving information it otherwise would not get unless it showed probable cause," Greg Nojeim, an attorney at the Center for Democracy and Technology, told Motherboard back in April. "You don’t want a world where very robust cybersecurity information sharing turns into a law enforcement tool that’s used to prosecute people for completely unrelated crime."
CIPA would require companies to strip users' identifying information. But if someone is marked as being loosely associated with a "cyber threat," that condition is waived. The bill also reintroduces legal immunity for companies that cooperate with the government.
We will have more on this new bill as more information becomes available.