A bill that facilitates sharing of cyber threat information between private companies and the government has been favorably reported out of the House Permanent Select Committee on Intelligence. The Cato Institute provides a good overview of the bill and the issues raised by it.
The crucial question, of course, is what counts as “cyber threat information.” That term is defined to encompass:
information directly pertaining to a vulnerability of, or threat to a system or network of a government or private entity, including information pertaining to the protection of a system or network from—
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
Section B is concerning to me given its broad language and how easily it could be used to circumvent warrant requirements. At the same time, as the article recognizes, the sharing of information can be very helpful. In the face of an ongoing attack, I would err on the side of sharing, but in other circumstances, restricting sharing to Section A is appropriate. If information is uncovered, the government can always obtain a warrant to enable access to the information described in Section B.
The article is well worth a read, particularly given its discussion of the issues (applicable outside of the US as well).