The House of Representatives passed legislation on Thursday designed to help companies and the government share information on cyber threats, though concerns linger about the amount of protection the bill offers for private information.
This is the second go-around for the Cyber Intelligence Sharing and Protection Act after it passed the House last year but stalled in the Senate after President Barack Obama threatened to veto it over privacy concerns.
The bill, H.R. 624, drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added.
Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens’ private information and companies to misuse it.
U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy.
Though thousands of companies have long been losing data to hackers in China and elsewhere, the number of parties publicly admitting such loss has been growing. The bill’s supporters say a new law is needed to let the government share threat information with entities that don’t have security clearances.
“If you want to take a shot across China’s bow, this is the answer,” the House bill’s Republican co-author and Intelligence Committee Chairman Mike Rogers of Michigan said on the floor on Thursday.
While groups such as the American Civil Liberties Union remain displeased, House Democratic Whip Steny Hoyer called the new version of the bill “a significant improvement from what was passed last year.”
House Intelligence Committee leaders have made refinements and endorsed several amendments to the bill to try to put to rest some of the privacy concerns, in particular specifying that the Department of Homeland Security and the Department of Justice instead of any military agencies would be the clearinghouses of the digital data that will be exchanged – to “give it a civilian face,” as Rogers put it.
“We felt very strongly that it had to be civil,” said the bill’s Democratic co-author Dutch Ruppersberger, of Maryland, adding: “If you don’t have security, you don’t have privacy.”
But House Minority Leader Nancy Pelosi reflected concerns shared by the White House and many civil liberties groups, arguing that the bill did not do enough to ensure that companies, in sharing cyber threat data with the government and each other, strip out any personal data of private citizens.
“They can just ship the whole kit and caboodle and we’re saying minimize what is relevant to our national security,” the Democrat said. “The rest is none of the government’s business.”
Still, the future of cybersecurity legislation in the Senate remains unclear, given Obama’s veto threat and lack of action so far from Senate Democrats that control the majority there.
The White House did not immediately comment on the bill’s passage. It was quickly welcomed, however, by many industry groups that had supported it.
Backers had included the wireless group CTIA, the business lobby U.S. Chamber of Commerce and TechNet, which represents large technology companies such as Google Inc., Apple Inc., Yahoo! Inc. and Cisco Systems Inc.