AUDIE CORNISH, HOST:
Many of us have experienced the sinking feeling that comes with finding out your personal information has been compromised. Cyberattacks now seem so common, and the question facing businesses and the government is how to stop them, or at least slow them down. The Senate is considering a bill to make it easier for companies to share information about cyber threats with each other and with the government. But some warn it comes at a cost to your privacy. NPR's Brian Naylor reports.
BRIAN NAYLOR, BYLINE: As data breaches affecting insurance companies, banks, retail stores and the government have become an almost everyday occurrence, Congress has been struggling to come up with a solution. In the Senate, lawmakers are debating a fix that would remove some of the legal hurdles that keep companies from exchanging information with each other about cyberattacks. David French is vice president of the National Retail Federation.
DAVID FRENCH: There are lots of laws that might limit the willingness of a company to voluntarily share information about what kinds of attacks are going on.
NAYLOR: Antitrust laws, for instance, that could keep, say, Target from telling, say, Wal-Mart how it got hacked, helping Wal-Mart avoid the same fate. The Senate bill would waive antitrust laws in that case, and it would encourage Target or any other company that was hacked including, say, Facebook or Google to share its users' information with the government to help fight future hacks. And that's what's got privacy advocates on alert. They charge such information sharing with the government should really be called surveillance. Evan Greer is with Fight for the Future, an Internet activist group. Greer says the bill's approach is all wrong.
EVAN GREER: Gee, we keep getting robbed. Let's put a surveillance camera in the bathroom and keep leaving the front door unlocked.
NAYLOR: Greer says hackers often get in the front door of institutions because of poor digital hygiene. That is the failure to properly safeguard systems with strong passwords and multiple layers of verification. To call Congress's attention to the bill's privacy problem, Fight for the Future organized a low-tech campaign.
(SOUNDBITE OF DIAL-UP CONNECTION)
NAYLOR: Yes, the fax machine.
GREER: Our thought was, look, it seems like Congress is stuck in 1984. Let's give Internet users a way to send their representatives messages using a form of technology that's as outdated as their thinking.
NAYLOR: Another problem with the bill, says Greg Nojeim, of the Center for Democracy and Technology, is that the data the companies share with the government is that of their customers. It's supposed to be scrubbed of people's personal identifying information, but, he says, it could still be used by the government.
GREG NOJEIM: Normally, the government would need a warrant to get a lot of the information that the companies can volunteer under the bill. Instead, the companies can just share it and the government can turn around and use it in criminal investigations.
NAYLOR: California Democrat Dianne Feinstein, vice chairman of the Senate Intelligence Committee and a co-sponsor of the bill, wants to amend the measure to limit the government's use of the data it obtains.
(SOUNDBITE OF ARCHIVED RECORDING)
DIANNE FEINSTEIN: The government cannot use this information for law enforcement purposes unrelated to cybersecurity and cybercrime.
NAYLOR: Nojeim, however, says many non-cybercrimes could still be investigated under the proposal, including, among others, ID theft and the theft of trade secrets. The bill's fate is unclear. The Senate may not have time to finish it before the August recess arrives at the end of the week, and the House has passed bills that take a different approach to fighting cyberattacks. Brian Naylor, NPR News, Washington.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.