The Cybersecurity Information Sharing Act (CISA) would offer legal protection to companies that monitor their customers and share information about "cyber threats indicators" with any federal entity.
In response to a July query from Senator Al Franken, DHS Deputy Secretary Alejandro Mayorkas said some provisions of the bill "could sweep away important privacy protections" and that the proposed legislation "raises privacy and civil liberties concerns."
The DHS fears that the bill's "expansive definitions of cyber threat indicators" would also permit companies to share data unrelated to cyber threats, Mayorkas added.
CISA's supporters say it would help the public and private sector defend against cyberattacks. But privacy advocates are concerned the bill would allow companies to hand over customers'personal data to government intelligence agencies.
Franken, the top Democrat on the Senate Judiciary Subcommittee on Privacy, Technology and the Law, said CISA is not yet ready for a vote.
"The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," he said in a statement.
The DHS has established information sharing arrangements that CISA might weaken, it said.
"If cyber threat indicators are distributed amongst multiple agencies rather than initially provided through one entity, the complexity – for both government and businesses – and inefficiency of any information sharing program will markedly increase; developing a single, comprehensive picture of the range of cyber threats faced daily will become more difficult," Mayorkas wrote.
The result will actually reduce the government's ability combat potential hackers, he said.
"This will limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents."
On Tuesday, Majority Leader Mitch McConnell, Kentucky Republican, said he wanted to bring CISA to the Senate floor for a vote before a month-long recess starts at the end of the week, the Washington Times reported.
But Senate Minority Leader Harry Reid, Nevada Democrat, said his party would only let the bill proceed if his members get an opportunity to offer relevant amendments.
