CISPA Vote: House Passes Cybersecurity Bill To Let Companies Break Privacy Contracts

Posted: 04/18/2013 1:49 pm EDT Updated: 04/18/2013 9:09 pm EDT

WASHINGTON -- The House of Representatives passed a broad cybersecurity bill Thursday that allows corporations to share customers' personal data with other firms and the U.S. government, even in cases in which a company has a signed contract explicitly vowing not to do so.

The Cyber Intelligence Sharing and Protection Act, known as CISPA, passed by a margin of 288 to 127, despite receiving a late veto threat from the Obama administration, which warned that the bill does not sufficiently protect civil liberties. The veto threat was particularly noteworthy, given President Barack Obama's Department of Justice has been urging Congress to expand its data-gathering and cybercrime powers for years. Congress shelved a similar bill last year after the White House expressed its formal opposition.

Supporters of the bill argue that it's needed to help the government protect key infrastructure and institutions from online attacks. They also have said the bill doesn't require companies or the government to monitor customer content, although it does authorize them to share personal account data, including emails and other information. Firms that voluntarily turn over such data would be immune from civil lawsuits.

The broad language of the bill, which imposes its standards above "any other provision of law," would effectively void privacy contracts between companies and their customers. Specifically it states that "Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes ... share such cyber threat information with any other entity, including the Federal Government." Companies could not be held accountable for violating terms of service agreements or other arrangements in which they promise not to share customer information with other parties.

Privacy and civil liberties advocates, including the American Civil Liberties Union, have blasted CISPA for overriding private contracts and authorizing both corporate and government access to personal information. Several Internet freedom groups also objected to the bill, warning that people will be less willing to use online services for fear that their privacy will be compromised.

Privacy proponents like the Electronic Frontier Foundation had urged the House to adopt an amendment that would have allowed companies to make legally enforceable privacy contracts with their customers. The amendment was never brought up for a vote.

The bill's opponents shared their concerns with the White House in the form a petition, which received the 100,000 signatures necessary to elicit a formal response last month. They also submitted more than 300,000 online signatures to the House Intelligence Committee.

But the corporate coalition that teamed up with web activists to take down the Stop Online Piracy Act in January 2012 was notably fractured during the congressional debate over CISPA. Many telecom companies, including AT&T and Comcast, support the legislation, which exempts them from legal liabilities. Chip manufacturer Intel and security software firm McAfee are also in favor. Others, such as Google, took no public position, while Microsoft and Facebook rescinded their support for the legislation, the latter after facing pressure from Demand Progress, the Internet freedom advocacy group founded by Aaron Swartz.

The intensity of the opposition, however, has been far more muted than that against SOPA, which pitted the bill's Silicon Valley opponents against support from corporate interests in Hollywood.

The weak corporate opposition to CISPA underscores the uphill battle that many nonprofit advocacy groups face in Washington when they lack such support: With corporate backing for the opposition, SOPA was abandoned without a vote, while CISPA, which is opposed largely by nonprofits, sailed through the House.

The CISPA vote also tested the Internet freedom credentials of SOPA opponents Reps. Darrell Issa (R-Calif.) and Jason Chaffetz (R-Utah), who have made significant inroads among web activists and tech firms on behalf of the Republican Party. Nevertheless, both voted in favor of CISPA.

Issa and Chaffetz defended their votes and argued that resurrecting their opposition to SOPA in the debate over CISPA was comparing apples to oranges.

"[SOPA] was a totally different thing ... just completely about something else," Chaffetz told The Huffington Post. "This is a question of cyber threats and our national security, and I believe we have to do everything we can to protect our national security."

Issa, who serves as the House Oversight Committee Chairman, said he was aware of the backlash the bill will provoke from the privacy and civil liberties communities but that he was comfortable with the final product.

"We've done our best to address their concerns in this bill," he told HuffPost, adding that measures would be taken to ensure oversight of what information was being shared, should the bill become law. "I'm confident we have all of the appropriate privacy protections in place."

The bill's chief backers stepped up pressure on members to garner their support ahead of the vote. CISPA sponsor Rep. Mike Rogers (R-Mich.) implied opponents were basically teenagers in their basements, while Rep. Michael McCaul (R-Texas) on the House floor invoked this week's Boston Marathon bombing to underscore the need to enhance national security.