The House passed a cybersecurity bill Thursday aimed at encouraging greater sharing of threat data between the private sector and the federal government, but the White House has said it will veto the legislation if it does not include stronger privacy protections.
The bipartisan Cyber Intelligence Sharing and Protection Act (CISPA) passed 288 to 127, with 92 Democrats supporting it. But the bill faces resistance in the Senate, where senior Democrats say they intend to move legislation that includes more robust privacy safeguards as well as measures to protect the nation’s most critical computer systems.
Rep. Mike Rogers (R-Mich.), who chairs the House Intelligence Committee and co-sponsored the cybersecurity bill, said this month that he and his colleagues have discussed cyber-threat-sharing legislation with Senate counterparts.
“Our goal is to get the Senate to pass a bill,” he told reporters. “We’d love to get a bill into conference.”
This is the second year the House passed a cyber-threat-sharing bill, and the second year the White House has threatened a veto. Last year, the Senate did not pass comprehensive cyber legislation, which would have included a threat-sharing measure.
CISPA would remove obstacles to greater sharing of malware and other threat data by companies to the government and vice versa. One provision would protect companies from lawsuits related to their sharing of data with the government.
Privacy advocates said revisions to the bill did not allay their concerns.
“CISPA is an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose,” even directly with military agencies such as the National Security Agency, without first stripping out personal information, said Michelle Richardson, a legislative counsel at the American Civil Liberties Union Washington Legislative Office.