cable-backed cybersecurity bill HR 3523, the Cyber Intelligence Sharing and
Protection Act, passed the House of Representatives 248 to 168 late Thursday
with various amendments to make it more palatable to privacy groups and
Democrats. It faces even further modifications in the Senate, its Republican
backers conceded, and will need them if it is to avoid a veto threat by the
White House issued earlier this week.
Passage, which included more than 40 Democratic
ayes, followed a generally respectful, but extensive daylong debate, first on
amendments then on the underlying bill.
The bill allows for government sharing of
cyberthreat information with industry, and vice versa, subject to some
restrictions, though not enough for privacy groups.
Among the amendments agreed to, is sunsetting
the bills provisions in five years, which means it will get a review and have
to be renewed. There were also amendments to narrow the definitions in the bill
and make it clear that the information being shared between industry and
government can be FOIA'd, subject to the usual exemptions.
But bill opponents, including privacy groups
and many Democrats, are still concerned about the bill's liability protections
for companies they say encourage them to dump data, including personal data, on
the government, the extent to which the government can use that information,
and the rubric of "national security" that could cover a multitude of
Companies are encouraged, but not required, to
delete personal information identifiers from any info they share.
Bill critics talked about the bill sweeping
away privacy protections and empowering government spying, charges that
appeared to frustrate Republican bill backers who maintained it was a narrow
bill and that it was time to take a first step, suggesting there would be
opportunity for more refinements and narrowing before it made it to the
By late Thursday, the criticisms of a
bipartisan bill that had passed 17 to 1 out of the House Intelligence Committee
started sounding like the pushback on another bipartisan online bill that gave
government more power and industry more liability protections, the Stop Online
Piracy Act (SOPA).
SOPA was eventually deep-sixed.
In fact, several legislators went out of their
way to say this was not a repeat of SOPA, including pointing out nothing in the
bill allows the government to block Web sites or movie downloads. "This is
not SOPA," said Rep. Dutch Ruppersberger (D-Md.), co-sponsor of the bill.
The bill does not include a final amendment, a
provision preventing an employer from asking for a Facebook or Twitter password
as a condition of employment. It was not directly related to the bill, but is
an issue that has been in the news and on some legislators' minds for weeks
now, and was pushed by Rep. Ed Perlmutter (D-Colo.).
co-sponsor Mike Rogers (R-Mich.) expressed frustration that the amendment was
offered, saying it was another one of the "kitchen sink" items
opponents had thrown at a bill he was attempting to keep as narrow as possible.
CISPA's passage means House Republicans can
say they have passed cybersecurity legislation and the ball is now in the
Democratically controlled Senate's court, a point they will likely make the
next time Anonymous hacks into a high-profile web site.