By Pam Benson
The House Intelligence Committee has overwhelmingly passed a new cybersecurity bill that would enhance data sharing between the government and private industry to protect computer networks and intellectual property from cyber attacks.
By a vote of 18-2, the panel on Wednesday approved the Cyber Intelligence Sharing and Protection Act (CISPA).
The measure sets up a voluntary system for companies to share threat information on their networks with the government in exchange for some liability protections.
The bill also allows the government to share intelligence and other cyber threat information with industry.
A similar bill died in the Senate last year after a number of Republicans argued that proposed cybersecurity standards allowed for too much government regulation.
The White House had threatened to veto that bill over privacy concerns.
The Intelligence Committee revised the legislation this time to address some of those issues.
The proposal strikes a provision that would have allowed law enforcement and other government agencies to use cyber data it receives from companies for broader national security purposes.
The private sector is restricted from using cyber security information for marketing or any other commercial purposes.
Companies would have no legal protection if they hack other companies to retrieve data they believe was stolen from them.
The bill requires the government to establish procedures that would minimize the acquisition and retention of personal information it might receive from a company. These might include addresses and phone numbers, which are not relevant to a cyber threat.
Finally, it would strengthen oversight to ensure civil liberties and privacy are protected.
Committee Chairman Mike Rogers, who co-sponsored the bill with ranking member Dutch Ruppersberger, said it does not create a surveillance program as some critics have charged.
"It does not allow any government agency, the NSA or the CIA, to monitor domestic internet content in any way, shape or form," Rogers said.
"We think we struck the right balance. It's 100 percent voluntary. There are no big mandates in this bill, and industry says under these conditions they think they can share back, and the government can give them information that might protect them," he added.
Rogers said they consulted the White House while drafting the bill, but the Obama administration has not indicated whether it will support it.
A spokeswoman for the National Security Council, Caitlin Hayden. said that while changes made to the bill "reflect a good faith effort to incorporate some of the administration's important substantive concerns ... we do not believe these changes have addressed some outstanding fundamental priorities."
And the changes are not enough to satisfy the concerns of some privacy groups and the two members of the committee who voted against it.
Adam Schiff, D-California, and Jan Schakowsky, D-Illinois, said they will push to amend the bill when its debated on the House floor later this month.
They think it should require companies to remove personal data not associated with cybersecurity before they share information with the government.
And they argue a civil agency like the Department of Homeland Security should be in charge of information sharing with industry. They fear the National Security Agency and the military will have access to American's personal information.
Rogers and Ruppersberger expect the full house will adopt the measure. Then it will be up to the Senate to pass its own version. If that happens, a House-Senate negotiating committee would attempt to hammer out a final bill.