The House of Representatives on Wednesday is expected to pass controversial legislation that aims to deter cyberattacks.
The measure, the Cyber Intelligence Sharing and Protection Act, or CISPA, would allow U.S. intelligence agencies to share information about cyber threats with owners of financial networks, utilities, telecommunications networks and other critical infrastructure in real time.
The bill also would immunize companies that share information about cyber threats from liability under antitrust and privacy laws that many companies say currently deter them from exchanging such data.
A similar measure passed the House last spring by a vote of 248 to 168, although efforts to pass cybersecurity legislation later stalled in the Senate.
CISPA's critics, including the American Civil Liberties Association and the Electronic Frontier Foundation, charge that it lacks sufficient privacy protections and would allow companies to share information with the National Security Agency without first having to remove people's personal information. Critics add that the bill should direct companies to share information with the Department of Homeland Security, a civilian agency.
A petition circulated by the ACLU that urges President Obama to veto CISPA has garnered nearly 50,000 signatures.
An array of business groups, including the American Bankers Association, technology companies such as IBM and Intel, communications firms like Verizon and AT&T, and groups representing the telecommunications and energy industries are backing the measure.
"Enactment of this bill would give [the Financial Services — Information Sharing and Analysis Center] increased access to and a greater ability to share timely and actionable threat information with its private sector members and the government in an effort to protect networks, systems and data," the ABA, the Financial Services Roundtable and five other trade groups wrote on April 10 to House Intelligence Committee Chairman Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., CISPA's sponsors.
The White House on Tuesday threatened to veto CISPA, saying its privacy protections need to be tightened further. The administration "remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities," according to a policy statement published by the Office of Management and Budget.
The administration, which agreed with CISPA's critics that information about cyber threats "should enter the government" via the Department of Homeland Security," added the administration "stands ready to work" with Congress to pass legislation that strengthens the nation's cyber defenses.
The legislative push follows a series of cyberattacks since September on some of the nation's biggest financial institutions and a report in February that hackers backed by the Chinese military ave stolen business secrets from U.S. companies.
On April 10, the House Intelligence Committee passed CISPA by a vote of 18 to 2 after adopting a series of amendments that supporters say address privacy concerns, including one that Rogers and Ruppersberger say limits the government's use of information it receives from companies. The committee made "changes to this legislation at every step in the process…to address privacy and civil liberties concerns," the panel wrote in its report on the bill.
Still, the changes did not assuage some legislators. "We need to ensure that companies aren't sharing their customers' personal information," Rep. Adam Schiff, D-Calif., who along with Rep. Jan Schakowsky, D-Ill., opposed the measure, tweeted after the vote.
Late Tuesday, the House Rules Committee rebuffed an amendment by Schiff and Schakowsky that would have sought a vote by the House on whether companies should be required to take "reasonable steps" to remove personal information from cyber threat data before sharing it with the government, the Hill reported.
For its part, the Senate has cybersecurity measures of its own. In February, Commerce Committee Chairman Jay Rockefeller, D-W.Va., Intelligence Committee Chairman Dianne Feinstein, D-Calif., and Homeland Security Chairman Tom Carper, D-Del., introduced a bill that also aims to reinforce defenses against digital threats. Rockefeller has called passing legislation this year to address cyber threats a priority.