Why the House information-sharing bill could actually deter information sharing

[Commentary] The House Intelligence Committee has now adopted a manager’s amendment to what it’s now calling the “Protecting Cyber Networks Act.” Predictably, privacy groups are already inveighing against it.

I fear that the House bill is indeed seriously flawed, but not because it invades privacy. Instead, it appears to pile unworkable new privacy regulations on the private sector information-sharing that’s already going on. The key point to remember is that plenty of private sector sharing about cybersecurity is already going on. There aren’t a lot of legal limits on such sharing, unless the government is getting access to the information. If it is, providers of Internet and telecommunications services can’t join the sharing because an old privacy law bars them from providing subscriber information to the government in the absence of a subpoena. The House bill solves that problem by allowing sharing to occur, “notwithstanding any other law.” But overriding even a dysfunctional and aging privacy law quickens the antibodies of the privacy lobby. So they’ve been pressing for kind of “privacy tax” on information sharing -- specifically, they want assurances that personal data will be removed from any threat information that companies share.