Controversial US legislation to help companies and the government share information on cyber threats has passed the first stage.
The House of Representatives yesterday voted in favour of passing the Cyber Intelligence Sharing and Protection Act (CISPA), its second go-around after it passed the House last year but stalled in the Senate after President Barack Obama threatened to veto it over privacy concerns.
The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added.
Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it.
US authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy.
Though thousands of companies have long been losing data to hackers in China and elsewhere, the number of parties publicly admitting such loss has been growing. The bill's supporters say a new law is needed to let the government share threat information with entities that don't have security clearances.
"If you want to take a shot across China's bow, this is the answer," said the House bill's Republican co-author and Intelligence Committee Chairman Mike Rogers.
While groups such as the American Civil Liberties Union are displeased, House Democratic Whip Steny Hoyer called the new version of the bill "a significant improvement from what was passed last year."
Senator Jay Rockefeller, the West Virginia Democrat who chairs the Senate Commerce Committee, said he will work with Republican Senator John Thune of South Dakota and leaders of other committees to bring cyber legislation to a vote in the Senate as soon as possible.
"Today's action in the House is important, even if CISPA's privacy protections are insufficient," Rockefeller said in a statement. "There is too much at stake, our economic and national security, for Congress to fail to act."
House Intelligence Committee leaders have made refinements and endorsed several amendments to the bill to try to put to rest some of the privacy concerns.
In particular, these specify that the Department of Homeland Security and the Department of Justice rather than any military agencies would be the clearinghouses of the digital data to be exchanged – to "give it a civilian face," as Rogers put it.
"We felt very strongly that it had to be civil," said the bill's Democratic co-author Dutch Ruppersberger of Maryland. "If you don't have security, you don't have privacy."
House Democratic leader Nancy Pelosi reflected concerns shared by the White House and many civil liberties groups, that the bill did not do enough to ensure that companies, in sharing cyber threat data with the government and each other, strip out any personal data of private citizens.
"They can just ship the whole kit and caboodle and we're saying minimize what is relevant to our national security," Pelosi said. "The rest is none of the government's business."
Still, the future of cyber-security legislation in the Senate remains unclear, given Obama's veto threat and the lingering concerns of many privacy-focused lawmakers and groups.
Late Thursday, the Obama administration reiterated that cyber-security is a top priority and said it would work with both parties to build on the House legislation and get a bill through the Senate.
"While CISPA has been improved in each of the administration's priority areas since its introduction this year, the bill does not yet adequately address our fundamental concerns," said Laura Lucas, a spokeswoman for the White House's National Security Council.
"We are hopeful that continued bipartisan, bicameral collaboration to incorporate our core priorities will produce cyber-security legislation that addresses these critical issues and that the president can sign into law."
Industry groups that supported the measure welcomed the House's action, including the wireless group CTIA, the US Chamber of Commerce and TechNet, which represents big technology companies such as Google, Apple, Yahoo! and Cisco Systems.