According to the research organization in charge of evaluating current legislation before Congress, “a complex array of laws and liability make cyberthreat information sharing a particularly sticky problem to tackle,” according to PoliticoPro.
The recent Congressional Research Service report, Cybersecurity and Information Sharing: Legal Challenges and Solutions, notes that private sector sharing could be difficult because of “laws including ECPA, SCA, the Wiretap Act, the Pen/Trap Act, the Cable Communications Policy Act and antitrust, tort and liability laws,” and “private-to-government sharing can be limited by concerns about FOIA requests, regulatory actions and privacy.”
Researchers noted that legislation may have “diametrically opposed,” goals. “A fundamental question lawmakers may need to contemplate is how restrictions that require close government scrutiny and control over shared cyber-information can be squared with other goals … like requirements that received information be disseminated in an almost instantaneous fashion. It may simply be impossible for information sharing legislation to simultaneously promote the rapid and robust collection and dissemination of cyber-intelligence by the federal government, while also ensuring that the government respects the property and privacy interests implicated by such information sharing.”