The U.S. House of Representatives has voted to approve a controversial cyberthreat information-sharing bill, despite opposition from the White House and several privacy and digital rights groups.
The House on Thursday voted 288-127 to approve the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that would allow U.S. intelligence agencies to share cyberthreat information with private companies. It would also shield private companies that voluntarily share cyberthreat information with each other and with government agencies from privacy lawsuits brought by customers.
The bill would still need to be passed by the U.S. Senate before heading to President Barack Obama for his signature. The Senate declined to act on another version of CISPA during the last session of Congress, and earlier this week, Obama's advisors threatened a veto, although that was before the House approved a handful of amendments intended to address privacy concerns.
CISPA would allow private companies to share a broad range of customer data with each other and with government agencies, privacy groups have complained.
Supporters, however, argued the legislation is needed to encourage better information sharing about active cyberattacks, resulting in better defense of U.S. networks. Federal law now prohibits intelligence agencies from sharing classified cyberthreat information with private companies.
The bill will help protect the U.S. against cyberattacks from China, Iran and other countries, supporters said. Cyberespionage has cost the U.S. tens of thousands of jobs, as foreign companies steal the blueprints of U.S. products, said Representative Mike Rogers, a Michigan Republican and primary sponsor of CISPA.
"If you want to take a shot across China's bow, this is the answer," he said to applause on the House floor.
The bill correctly balances privacy concerns with the need for security, added Representative Dan Maffei, a New York Democrat. Rogue nations and "even independent groups like WikiLeaks" are taking aggressive measures to attack the U.S. power grid, air-traffic control systems and customer financial data, he said.
"Every day, international agents, terrorists and criminal organizations attack the public and private networks of the United States," he said. "While I do always have some concern that the U.S. government may access our private information in the cyber sphere, I am more concerned that the Chinese government will access our private information."
The House on Thursday voted for a handful of amendments to the bill intended to improve privacy protections in the bill. Lawmakers approved an amendment designating the U.S. Department of Homeland Security and U.S. Department of Justice as the primary repositories of cybertheat information shared by private companies, addressing a concern by several privacy groups that CISPA would give the U.S. National Security Agency unfettered access to customer data.
Sign up for CIO Asia eNewsletters.