A cybersecurity agency is asking tech firms such as Facebook, Twitter and Dropbox to crack up on cyberbullying in a bid to fight cybercrime.
The Cybersecurity Act of 2013 requires tech companies to disclose their cybersecurity efforts, including when they identify cyberattacks or threats and when they respond.
But it does not require the companies to put out any of the information to Congress.
The Cybersecurity Information Sharing Act of 2017 would compel companies to share cyberthreat information with the FBI, which could include the details of threats, the number of victims, the geographic locations where attacks are occurring and how they are spreading.
The new law also requires tech firms, including Facebook, to disclose any threats to their customers, including the IP addresses of targeted users.
Tech companies are required to provide the information in writing.
The law also gives the Attorney General broad authority to subpoena information that is shared under the Cybersecurity Intelligence Sharing Act, or CISPA, the law’s sponsor, Senator Ron Wyden, D-Ore., said in a statement Monday.
The bill has been widely criticized by privacy advocates and other technology companies.
A bipartisan coalition of lawmakers, including Democrats, Republicans and independent Sen. Patrick Leahy, D,Vt., is seeking changes to CISPA that would require companies to identify any cyberattacks that occur and disclose them to Congress, as well as to disclose the IP address of any users targeted.CISPA has been criticized by consumer advocates, including a coalition of consumer groups, which have said the legislation could open the door to government surveillance.
The cyberbullies often target people in their 20s and 30s, often using online social media accounts to harass or abuse them.
The lawmakers are pushing for changes that would protect the privacy of people whose information is shared with law enforcement.
The legislation is still in its infancy, and many details still need to be worked out.
“We are fighting cyberbulling.
We are fighting it with technology,” Leahy said in the statement.
“We are not going to let anyone bully us into inaction.”
The bill would not prohibit the sharing of cyberthreat data with the Department of Homeland Security, which has jurisdiction over national security threats.
The law would also not require companies or individuals to disclose data that would reveal the identities of the people who are targeted.
The FBI and other agencies also have powers under the law to help law enforcement combat cyberthreats.
They could, for example, require companies and individuals to take steps to block the spreading of malicious software or to identify the cybercriminals behind the threats.
The legislation would not apply to the sharing between government agencies or to private companies.
Privacy advocates say the bill would make it harder for companies to work with federal law enforcement to fight online threats.
They say that companies are not required to identify their customers’ identities and that information could be shared with the government.
“This bill creates a loophole that gives the FBI the ability to access the information of hundreds of thousands of people without any legal process whatsoever,” said Katherine M. Clark, a privacy advocate and executive director of the Electronic Frontier Foundation.
“I would hope that the public and Congress would reject this legislation.”