Senate leaders reached a deal to advance long-stalled legislation giving companies legal protections for voluntarily sharing information about hacking threats with the U.S. government and each other.
Under the deal unveiled Wednesday, the Senate will vote on as many as 21 amendments largely intended to increase privacy protections and help ensure the bill, S.754, doesn’t create a new government surveillance program.
The votes will be held at a time to be determined after the Senate returns to Washington in September from a recess. The amendments process will help determine whether the bill ultimately has enough votes to pass.
The House version, H.R. 1560, passed in April, and differences between the two will need to be resolved before the legislation is sent to President Barack Obama.
While there is broad agreement that companies should get legal protections for sharing data about online threats, efforts to pass legislation have stalled or failed in the past four years, in part due to concerns over privacy and government spying.
“Nobody can call this a surveillance bill,” Senator Richard Burr, a North Carolina Republican and chairman of the intelligence committee, told reporters Tuesday. “It only addresses exactly what happens in a cyber-attack.”
Obama, lawmakers and company executives have seized on recent high-profile hacking attacks to bolster their case for the legislation.
Hackers linked to the Chinese government are believed to have waged a campaign lasting more than two years that targeted the U.S. Office of Personnel Management, the health-care records on millions of Americans and travel companies. Sony Pictures Entertainment was the victim last year of an attack that crippled thousands of computers and revealed sensitive company information and communications. The U.S. accused the North Korean government of being responsible for the Sony attack.
Companies have resisted providing data to the government about hacking attacks, however, out of concern they could be sued if they accidentally included private information about their customers. They’re also concerned about violating antitrust laws if they share information with competitors.
Under the Senate bill, companies will be required to remove personal information before data is voluntarily shared with the government and agencies will be restricted to only use the data for cybersecurity purposes.