House passes “Protecting Cyber Networks Act” despite privacy and security concerns

Access calls on President Obama to veto legislation

Washington, DC – Today, the House of Representatives passed H.R. 1560, the Protecting Cyber Networks Act (PCNA). The bill would create a program for companies to send more information to government agencies, operated under the head of U.S. intelligence. It would grant companies broad legal protections for this activity.

“Giving so much private information to the government with so few privacy protections amounts to cyber surveillance,” said Nathan White, Senior Legislative Manager at Access. “Our privacy and security are non-negotiable. Cybersecurity policies should promote better protection of our digital information, not create new surveillance powers.”

The PCNA permits companies to send information, including personally identifiable information and content, to the government. The bill then requires the government to disseminate that information amongst “relevant agencies,” including the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). Law enforcement would be empowered to the use shared information to investigate an array of crimes, even some with no relationship to cybersecurity.

“This bill creates entirely new security risks by allowing companies to ‘hack back,’ behavior that could make the internet even less secure,” said Drew Mitnick, Policy Counsel at Access.

During its markup, the House neglected to improve privacy under the bill, though it did approve a seven-year sunset amendment. Tomorrow, the House of Representatives will vote on another information sharing bill, the National Cybersecurity Protection Advancement Act (H.R. 1731), and next week the Senate is expected to vote on a third, the Cyber Intelligence Sharing Act (CISA). If the Senate approves CISA, a conference committee would then determine the makeup of the final bill.

“These bills do little to protect the Internet, but rather reward companies who undermine the privacy of their customers. The President should veto any of these bills that reach his desk,” said White.

In 2013, President Obama threatened to veto similar legislation. Access and our partners have compared each piece of so-called cyber sharing legislation against the President’s criteria for veto. A website empowers users to call on Obama to act.