The House of Representatives passed a controversial cybersecurity bill as expected on Thursday, moving toward a possible confrontation with the Senate and White House.
The Cyber Intelligence Sharing and Protection Act of 2013, or CISPA, passed by a vote of 288 to 127, with 17 abstentions.
The bill makes it easier for companies to share information with other companies and the government about cyber attacks. Large tech companies pushed hard for the legislation amid escalating cyber attacks, calling it a necessary step to shore up their defenses.
The companies threw their lobbyists and pocketbooks behind the bill, according to an analysis by the Sunlight Foundation: “Sunlight’s review of lobbying disclosures from the last session of Congress in Influence Explorer shows that backers of the Cyber Intelligence Sharing and Protection Act had $605 million in lobbying expenditures from 2011 through the third quarter of last year compared to $4.3 million spent by opponents of the bill."
Proponents praised the vote in Congress.
“CISPA creates the necessary flexibility for businesses to share security information without fear of legal or regulatory liability,” said Ken Wasch, president of the Software & Information Industry Assn., in a statement. “Specifically, CISPA would protect companies and organizations that share threat and vulnerability information with the government from legal liability and the risk of lawsuits, while also providing a critical exemption from antitrust laws that currently discourage information exchanges between private companies.”
By contrast, critics waged an online campaign attempting to create a groundswell of opposition. They argued that the bill made it too easy for companies and the government to gain access to private data, absolved companies of too much legal liability, and failed to ensure that civilian rather than military agencies would facilitate the sharing of information.
But those opposition efforts fell short.
“Throughout the debate on CISPA, I have sought to ensure that the privacy of Americans was protected, a goal that can easily be accomplished while still allowing for increased sharing of cybersecurity information,” said Rep. Adam Schiff (D-Burbank), in a statement. “And while progress has been made, the bill still lacks any requirement that private companies remove the personal information of Americans before sharing cybersecurity information with the government or other companies.”
The issue now moves to the Senate, where a companion bill has yet to be introduced. But earlier this week, the Obama administration made clear its promise to veto the House version of CISPA unless greater provisions were made to protect privacy and civil liberties.
“We’re obviously disappointed in the outcome of the House vote on CISPA, but Internet freedom and privacy advocates have reason to be optimistic,” said David Segal, executive director of Demand Progress. "We’re buoyed by President Obama’s veto threat, which prioritizes our concerns about privacy and the potential sharing of domestic, civilian data with the military. And we have strong allies in the Senate, in the form of Al Franken, Bernie Sanders, Ron Wyden, Rand Paul and others: We’re prepared to make a strong stand for privacy rights in that chamber, if similar legislation even sees the light of day there.”