WASHINGTON (Reuters) - The House of Representatives passed legislation on Thursday designed to help companies and the government share information on cyber threats, though concerns linger about the amount of protection the bill offers for private information.
This is the second go-around for the Cyber Intelligence Sharing and Protection Act after it passed the House last year but stalled in the Senate after President Barack Obama threatened to veto it over privacy concerns.
The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added.
Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens’ private information and companies to misuse it.
U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy.
Though thousands of companies have long been losing data to hackers in China and elsewhere, the number of parties publicly admitting such loss has been growing. The bill’s supporters say a new law is needed to let the government share threat information with entities that don’t have security clearances.
“If you want to take a shot across China’s bow, this is the answer,” said the House bill’s Republican co-author and Intelligence Committee Chairman Mike Rogers.
While groups such as the American Civil Liberties Union are displeased, House Democratic Whip Steny Hoyer called the new version of the bill “a significant improvement from what was passed last year.”
Senator Jay Rockefeller, the West Virginia Democrat who chairs the Senate Commerce Committee, said he will work with Republican Senator John Thune of South Dakota and leaders of other committees to bring cyber legislation to a vote in the Senate as soon as possible.
“Today’s action in the House is important, even if CISPA’s privacy protections are insufficient,” Rockefeller said in a statement. “There is too much at stake - our economic and national security - for Congress to fail to act.”
House Intelligence Committee leaders have made refinements and endorsed several amendments to the bill to try to put to rest some of the privacy concerns. In particular, these specify that the Department of Homeland Security and the Department of Justice rather than any military agencies would be the clearinghouses of the digital data to be exchanged - to “give it a civilian face,” as Rogers put it.
“We felt very strongly that it had to be civil,” said the bill’s Democratic co-author Dutch Ruppersberger of Maryland. “If you don’t have security, you don’t have privacy.”
House Democratic leader Nancy Pelosi reflected concerns shared by the White House and many civil liberties groups, that the bill did not do enough to ensure that companies, in sharing cyber threat data with the government and each other, strip out any personal data of private citizens.
“They can just ship the whole kit and caboodle and we’re saying minimize what is relevant to our national security,” Pelosi said. “The rest is none of the government’s business.”
Still, the future of cybersecurity legislation in the Senate remains unclear, given Obama’s veto threat and the lingering concerns of many privacy-focused lawmakers and groups.
The White House did not immediately comment on the bill’s passage, but it was quickly welcomed by many industry groups that had supported it.
Backers included the wireless group CTIA, the U.S. Chamber of Commerce and TechNet, which represents big technology companies such as Google Inc, Apple Inc, Yahoo! Inc and Cisco Systems Inc.
Editing by Ros Krasny, Philip Barbara and Christopher Wilson