Companies Say They Can Strip Personal Data from Shared Cybersecurity Info

On Thursday, the House of Representatives Select Committee on Intelligence held a hearing on CISPA, the newly introduced "cybersecurity" legislation that would allow companies to pass sensitive user data directly to the government without a judge's oversight. No members of the civil liberties community were invited to testify. But while Internet freedom advocates were barred from voicing our concerns at the hearing, there was one important fact brought to light during the testimony of industry representatives: experts from the financial industry and the business roundtable confirmed that it's possible for them to remove data that identifies users from cybersecurity data before sharing it with the government.

EFF and other civil liberties groups have long said that a smart cybersecurity bill wouldn't give companies blanket permission to share any and all data with the government. At the hearing, experts from fields of business and finance went on record to agree with us that this is possible: companies are able to strip out personally identifiable information of users.