The U.S. Senate passed legislation on Tuesday aimed at strengthening country’s cyber defenses. The bill, which would expand liability protections to companies that choose to voluntarily share cyber-threat data with the government, must be reconciled with two similar information-sharing measures that passed the House of Representatives earlier this year.

The Cybersecurity Information Sharing Act, or CISA has been criticized by privacy groups amid concerns it would shuttle more personal information into the hands of the National Security Agency and other government spies.

But business interests, including the Chamber of Commerce, have argued an information-sharing law is necessary to allow the private sector to cooperate more closely with the government on detecting and minimizing cyber threats without fear of lawsuits.

"The bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links," commented the Electronic Frontier Foundation (EFF.)

"But no amount of changes in conference could fix the fact that CISA doesn't address the real cybersecurity problems that caused computer data breaches like Target and the U.S. Office of Personnel Management (OPM). The passage of CISA reflects the misunderstanding many lawmakers have about technology and security," EFF added.

The conference committee between the House of Representatives and the Senate will determine the bill's final language.

It's unclear whether it would improve Internet security. Participation is voluntary and companies have long been reluctant to tell the U.S. government about their security failures.BR>