CISPA Bill Passes House, 248-168; Veto Threatened

The CISPA cybersecurity bill, formally known as the Cyber Intelligence Sharing and Protection Act and opposed by many Internet freedom advocates, passed the House Thursday evening despite a White House veto threat.

House Intelligence Committee Chairman Mike Rogers, R-Mich., a chief sponsor, said the bill was “needed to prepare for countries like Iran and North Korea so that they don’t do something catastrophic to our networks here in America,” Politico reported.

The final tally was 248-168, enough to pass the measure but not enough to override a veto. Forty-two Democrats broke with President Barack Obama to support the bill, and 28 Republicans voted against it.

Amendments to address privacy concerns were not included. The legislation would still allow information from private companies to be used for intelligence and national security purposes, not just cybersecurity.

The administration and Democratic critics opposed the bill because of privacy and civil liberties concerns. The other main sticking point was that, unlike a Senate bill by Sen. Joe Lieberman of Connecticut, CISPA would not mandate new security requirements for a critical infrastructure network.

At least some of CISPA’s Democratic supporters weren’t happy with their colleagues’ opposition to the bill, nor with the White House.

After the White House issued the veto threat Wednesday, Rep. Dutch Ruppersberger of Maryland, Rogers’s chief Democratic ally, launched an all-out lobbying effort to persuade his fellow Democrats to back the bill.

“We worked it. We worked it hard, we contacted people personally. Many people I talked to just on the floor,” he said after the bill passed. “This is very complicated, a lot of people didn't understand it. .... Yesterday was a tough day for me with the White House,” Ruppersberger said.

Rep. Jim Langevin, D-R.I., a CISPA co-sponsor, echoed Ruppersberger.

“It was disappointing, I think it could have been handled differently,” Langevin said of the White House move. “To do it at this stage, I don’t think it was very helpful to get an information-sharing bill through.”

Speaker John Boehner, R-Ohio, said Thursday that the White House was in a camp all by themselves. Nevertheless, most Democrats voted against the bill.

“CISPA would trample the privacy and consumer rights of our citizens while leaving our critical infrastructure vulnerable,” an administration official said Thursday in response to Boehner. “We need Congress to address this critical national and economic security challenge while respecting the values of freedom, privacy, openness and innovation so fundamental to our nation.”

After the bill's passage, Rogers and Ruppersberger issued a statement, reported by Reuters: Economic cyber spies will have a harder time stealing American business plans and research and development as the House took the first step today by passing a cybersecurity bill that will help U.S. companies better protect themselves from dangerous economic predators.

Under the bill, as reported by the Christian Science Monitor, Internet providers and other private companies would receive classified digital signatures and other data from government agencies, including intelligence agencies like the National Security Agency, to help identify malicious Internet traffic.

Internet providers could defend their own networks and their corporate customers -- and share cyberthreat information with others in the private sector and with the federal government on a voluntary basis. They would be encouraged, but not required, to anonymize information that they voluntarily share with government and nongovernment entities.

Internet providers would get immunity from privacy lawsuits in which customer information was voluntarily disclosed as a possible security threat, as well as antitrust protection that immunizes them against allegations of colluding on cybersecurity issues.

This bill creates a cybersecurity loophole in all existing privacy laws, Trevor Timm of the Electronic Frontier Foundation told the Monitor. Right now we have longstanding laws -- the Wiretap Act and the Electronic Communications Privacy Act that have been on books for decades -- saying government needs probable cause or a judicial warrant if they want to read your e-mails. This bill would allow companies to read your emails as long as there was some vague cybersecurity purpose -- and hand them to government with no judicial review.

Another group, the Center for Democracy and Technology, worked closely with Rogers on amendment language -- and indicated it might not oppose the bill -- if amendments the group favored made it to the House floor for a vote.

But on Wednesday those amendments restricting the flow of information to the non-civilian-run NSA -- and restricting government authority to use information for non-cybersecurity purposes -- were shot down even before being voted on. As a result, the group pulled its support.

Intelligence operatives, corporate executives and privacy activists acknowledge that U.S. corporate and government computer networks are the targets of increasingly sophisticated hacking attacks, the Los Angeles Times notes.

The most pernicious are undertaken by criminal networks and foreign intelligence agencies, including those out of China, with a goal of stealing national defense information and, even more commonly, intellectual property secrets from American companies, U.S. officials say. Cyber-attacks can also be used to physically tamper with infrastructure, such as electricity generators or chemical plants.

The outlook for the House legislation in the current form is uncertain. It matches up with a Senate bill introduced by Sen. John McCain, R-Ariz., but Democrats, who control the chamber, are aligned behind a broader bill authored by Sen. John Rockefeller, D-W.Va., and others.

The White House strongly supports that bill, which has provisions that would allow the Department of Homeland Security to direct companies maintaining critical infrastructure, such as water and power utilities, to meet new standards.