Cybersecurity bill passes House and heads to Senate with White House threatening veto, protects companies from lawsuits
Fighting hackers and cyberattacks will allegedly get easy for companies with the legislation which was voted through the House on Thursday despite a White House veto threat and an outcry from privacy advocates and civil liberties groups that say it leaves Americans vulnerable.
The House vote, 288-127, puts the bill on the floor of the Senate as the issue has taken a backseat to gun control debate and the recent bombing in Boston.
The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely supported by big corporations and advocacy groups that say businesses are struggling to defend themselves against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe.
The bill, said House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., strikes “that right balance between our privacy, civil liberties and stopping bad guys in their tracks from ruining what is one-sixth of the U.S. economy.”
Under the legislation, businesses and the federal government would be able to share technical data without worrying about anti-trust or classification laws. The bill also would grant businesses legal immunity if hacked so long as they acted in good faith to protect their networks.
The bill is sponsored by Rogers and Rep. Dutch Ruppersberger, D-Md., the panel’s top Democrat.
But privacy advocates and civil liberties groups say the bill would open up Americans’ most private online records to the federal government. The bill doesn’t include a requirement that companies scrub data of sensitive information like health or credit records before sharing it with the government.
In its veto threat issued Tuesday, the White House echoed that concern.
“Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately,” the White House stated.
Rep. Adam Schiff, D-Calif., had tried to amend the bill to require companies to strip any data of personally identifiable information before sharing it with the government. But Republicans blocked his proposal from being debated on the floor because they said tough mandates might deter companies from participating.
Business groups say the privacy concern is overblown.
“When it comes to sharing, there are practical, business reasons why companies carefully protect” sensitive information, Tim Molino with the Business Software Alliance recently wrote in an online post urging lawmakers to pass the bill.
“At the end of the day, personal information is customer information, and maintaining trust with customers is a core business imperative,” Molino added.