Those under consideration include limitations on the spread of information disclosed to certified entities and the removal of liability from an entity sharing information with the government “unless such covered entity engages in willful misconduct in the sharing of such information and such willful misconduct proximately causes injury.”
The government, on the other hand, in a proposed amendment, would face the brunt of legal recourse for perceived violations of the codes of conduct, provided that the action is taken within two years of the violation.
Another proposed amendment could be a step toward addressing Richardson’s aforementioned concerns by limiting the ability of the Department of Defense or National Security Agency to utilize the information obtained, to “provide additional authority to, or modify an existing authority of, the DoD or the NSA or any other element of the intelligence community to control, modify, require or otherwise direct the cybersecurity efforts of a private sector entity.”
Two approved amendments also serve as evidence of the committee’s moves to relieve concern over the bill, though they have not done so entirely. First is a provision prohibiting the federal government from affirmatively searching the information obtained comes with an exception that it can be sidestepped in favor of “the protection of the national security of the United States.” And second is the establishment of an annual review submitted by the Inspector General of the Intelligence Community covering the type of information shared, the application of that information, whether the actions taken under CISPA violated privacy or civil liberties and recommendations for future conduct.