Update: Note that the Hill article referenced below was working with an earlier draft of the amendment. The version introduced today was different from the version made available to the Hill.
Recent reporting of this amendment characterized it as a major privacy improvement, stating that this amendment “would ensure that the Homeland Security Department (DHS), a civilian agency, would be the first recipient of cyber threat data from companies.”
This is false.
The bill still says that:
Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes…share such cyber threat information with any other entity, including the Federal Government.
The liability immunity provisions also remain.
While this amendment does change a few things about how that information is treated within the government, it does not amend the primary sharing section of the bill and thus would not prevent companies from sharing data directly with military intelligence agencies like the National Security Agency if they so choose.
The bill may be voted on at any time. This means there’s little time left to speak out. Please tell your Representative to vote no on the bill: