WASHINGTON – A bill seeking to strengthen U.S. defenses against cyberattacks passed the House 288-127 today amid criticism from the White House and civil liberties groups for its lack of privacy protections.
The House Intelligence Committee passed the Cyber Intelligence and Protection Act (CISPA) on an 18-2 vote last week. The committee adopted six amendments during the bill’s markup session held behind closed doors.
CISPA is designed to make it easier for private companies to share the personal information of their customers with the government in the interest of protecting the security of computer networks from cyberattacks.
The bill passed in the House last May, but was rejected by the Senate in August after its supporters could not clear a procedural vote over objections from GOP leaders. House Intelligence Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), the authors of the bill, reintroduced CISPA in February.
“I am very proud that so many of my colleagues were able to look past the distortions and fear mongering about this bill, and see it for what it really is – a very narrow and focused authority to share cybersecurity threat information to keep America safe,” Rogers said today. “I look forward to working with my Senate colleagues to get cyber threat information sharing legislation passed into law this year.”
“Passing this legislation is not just a victory on the House floor. This is victory for America,” said Ruppersberger. “Our nation is one step closer to making a real difference protecting our country from a catastrophic cyber attack.”
The new version of the bill includes additional oversight measures and removes a provision that would have allowed the government to use data they receive from companies for national security purposes. The measure also prohibits companies from retaliating with cyberattacks of their own.
“CISPA will go to conference with cybersecurity legislation that is eventually passed by the Senate, and during that process I will continue to fight to protect personal privacy and alleviate civil liberty concerns,” said Rep. Adam Smith (D-Wash.), ranking member on the House Armed Services Committee. “However, given the many intelligence briefs I have received as Member of Congress detailing previous cyber attacks and our vulnerabilities to future attacks, doing nothing to improve our defense against cyber attacks right now is unacceptable.”
In the few months between the last time the bill made it to the House floor and its reintroduction, officials have reported an increase in cyberattacks originating from Iran and China. At a forum on cyber issues on Tuesday, U.S. officials tried to persuade China to stop its cyberattacks by emphasizing their effects on the Chinese economy.
“I ask my Chinese friends to question whether this kind of activity serves China’s real interests as it seeks to attract high-end investment, aims to develop international markets for its innovative products, and wants its companies welcomed and respected as they increasingly invest around the world,” said U.S. Undersecretary of State for Economic Growth Robert Hormats.
On February 12, the same day that CISPA was reintroduced, President Obama signed an executive order that gives federal agencies greater authorities to share “cyber threat” information with the public sector.
“America must face the rapidly growing threat from cyberattacks,” President Obama said during his 2013 State of the Union address. “Congress must act…by passing legislation to give our government a greater capacity to secure our networks and deter attacks.”
The Obama administration threatened last year to veto CISPA because of its vague language and privacy issues. The new round of amendments are meant to address some of the White House’s concerns and stop the bill from being shelved a second time.
Rogers and Ruppersberger were confident that the legislation would gain the necessary momentum to clear the House.