The U.S. House of Representatives Thursday evening passed a controversial cybersecurity bill that would facilitate sharing of information about critical threats among businesses and government bodies.
The bipartisan Cyber Intelligence Sharing and Protection Act, or CISPA, cleared the House by a vote of 248 to 168, though some privacy and civil-liberties groups object to the extent of the personal information that could be sent to secretive military agencies through the bill.
“CISPA goes too far for little reason,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, said in a statement responding to the bill’s passage. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back.”
Backers of the bill have maintained that it would only provide for limited data collection and sharing, and a variety of amendments were adopted to further limit the scope of the legislation so that it would only cover specific cyber threats.
The bill faces an uncertain future in the Senate, where lawmakers have introduced a more comprehensive cybersecurity bill and a companion to the House legislation is awaiting consideration.
Backers of the House bill noted they have spent more than a year engaging with businesses, digital-rights groups and other concerned parties to fine-tune the language of the legislation in an effort to address the privacy concerns that created a groundswell of opposition.
“This bill does not allow the wholesale violation of privacy rights,” Rep. C.A. “Dutch” Ruppersberger (D-Md.), one of the authors of the bill, said in remarks on the House floor.
The version of the bill that cleared the House on Thursday included a number of changes intended to address the concerns that privacy groups had raised, including an amendment stipulating that government agencies could only obtain information from private-sector entities explicitly relating to cyber attacks, national security or other narrowly defined threats.
The Center for Democracy and Technology, one of the outside groups that had been extensively involved with the legislative process, had negotiated a number of changes to the original bill that seemed to indicate a broadening of support earlier in the week, but the group has since pulled back, and blasted the version of the bill that passed on Thursday.
“We worked very hard in cooperation with the Intelligence Committee to develop amendments to narrow some of the bill’s definitions and to limit its scope. We are very pleased that those amendments were adopted, leaving the bill better for privacy and civil liberties than it was going into the process,” CDT said in a statement.”
“However, we are also disappointed that House leadership chose to block amendments on two core issues we had long identified — the flow of information from the private sector directly to [National Security Agency] and the use of that information for national security purposes unrelated to cybersecurity.”
The CDT indicated that it would work to advance its privacy agenda if the CISPA counterpart should gain traction in the Senate.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.