Authors of a cybersecurity bill said Tuesday they will amend their legislation in response to privacy concerns before the House votes on the controversial measure this Friday.
The Cyber Intelligence Sharing and Protection Act, or CISPA, sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), seeks to give businesses and the federal government legal protection to share cyber threats with each other in an effort to thwart hackers. The government does not currently share that data because the information is classified and companies fear violating anti-trust law. The bill would remove legal barriers so they can do so.
But the legislation has been criticized by privacy and civil liberties groups that have said the bill's definition of the consumer data that can be shared with the government is overly broad.
They have expressed concerns that the bill could allow law enforcement to obtain citizens' personal information without needing a warrant. They also worry about consumers' data ending up in the hands of the National Security Agency (NSA), which gathers intelligence on foreign entities but is legally barred from collecting data on Americans.
The bill’s authors said one of the amendments would limit the federal government’s use of private information to five purposes: cybersecurity, investigating and prosecuting cyber crime, protecting “individuals from death or serious bodily harm,” protecting minors from child pornography, and ensuring national security. Another amendment would restrict the cyber threat data that can be shared.
“I am very pleased with where the bill stands today,” Rogers said in a statement. “Our bill is designed to help protect American companies from advanced foreign cyber threats, like those posed by the Chinese government. It has always been my desire to do that in a manner that doesn’t sacrifice the privacy and civil liberties of Americans, and I am confident that we have achieved that goal.”
In a conference call Tuesday, Rogers told reporters “we feel very confident we have the votes” to pass the bill in the House, which is scheduled to begin debate on the bill Thursday and vote on Friday.
In a statement released Tuesday, the Center for Democracy and Technology, which had opposed the legislation due to privacy and civil liberties concerns, said the bill’s authors have “made important privacy improvements."
But the group said the legislation still “falls short” because it does not prevent the flow of Internet data to the NSA and the use of information for purposes unrelated to cybersecurity. It said it would support amendments to address those concerns, but that it “will not oppose the process moving forward in the House.”
On Tuesday, U.S. Rep. Adam Schiff (D-Calif.), a member of the House Intelligence Committee, said he will offer his own amendment to the bill in order to limit the collection of personally identifiable information and "narrowly define" the purposes for which the government can use information obtained from companies.
The White House has declined to comment on the bill specifically. But in a conference call with reporters Monday, a senior administration official said that cybersecurity legislation also needed to regulate critical infrastructure, such as the power grid, and include oversight to protect citizens' privacy.
"We need legislation that is carefully crafted and narrowly tailored to find the types of information that can be shared so it is focused on cybersecurity risks and not on every conceivable use of private information," one senior administration official said.
In recent weeks, the bill's authors and supporters have defended the legislation in the face of a growing Internet backlash. In particular, Rogers and Ruppersberger sought to refute what they said were misconceptions that the bill is similar to SOPA and PIPA -- controversial anti-piracy bills that were scuttled earlier this year after widespread Internet protests.
Despite such concerns, Rogers' bill has widespread bipartisan support, with more than 100 co-sponsors in the House and letters of support from the U.S. Chamber of Commerce and several major technology companies, including Facebook and Microsoft.
Rogers said there is a reason “every corner of the private sector loves this bill.”
“They need the help,” he told reporters. “They need it now. And they are absolutely under siege.”