Despite President Obama's threat to veto, the U.S. House of Representatives approved the Cyber Intelligence Sharing and Protection Act, aka CISPA or H.R. 624, by a 288 to 127 margin. 196 Republicans and 92 Democrats voted in favor of the legislation while 29 Republicans and 98 Democrats voted against it. CISPA now moves on to the Democratic-controlled Senate for another attempt at becoming a law.
In the event of a cyber attack, CISPA empowers private companies with a broad blanket of legal immunity when voluntarily sharing information with other companies, and with the federal government. Advocates of the legislation claim that it's a necessary step in securing company networks against attacks from countries like Iran and China, allowing them to quickly share information. But critics such as the Electronic Frontier Foundation claim it's an attack on user privacy by allowing companies to ignore other privacy-focused laws.
"For the second year in a row, the House voted to approve CISPA, a bill that would allow companies to bypass all existing privacy law to spy on communications and pass sensitive user data to the government," the EFF said in a press release. "EFF condemns the vote in the House and vows to continue the fight in the Senate."
The first version of CISPA also managed to pass through the House of Representatives, but didn't get past the Senate gates. Bill sponsors Rep. Mike Rogers and Rep. Dutch Ruppersberger thus announced a few changes that would be made to the bill, followed by additional amendments introduced on Thursday by Rep. Joe Barton (who voted against it last year), Rep. Shelia Jackson Lee and Rep. Michael McCaul.
PC Magazine reports that Barton's amendment bans companies from selling personal information they might receive after sharing cyber-threat information. The amendment supplied by Jackson states that companies may only share information if they have details about a cyber attack on the federal government, and McCaul's edit states that the Homeland Security Department and Department of Justice will handle incoming cyber-related information through a "civilian federal entity" planted within the agencies.
Will there be enough changes to the bill to ward off any veto stamped by the President? Again, it must pass through the Senate first, and CISPA opponents are hoping it will die there again. But the Obama administration made it very clear on Tuesday (PDF) that the CISPA bill may still get a veto even with the several adopted amendments.
"The Administration remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities," the Office of Management and Budget said. "Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately. The Administration is committed to working with all stakeholders to find a workable solution to this challenge."
The amendments recently made to the bill sound like CISPA could be a step closer in meeting everyone concerned in the middle. Then again, Matt Wood, Policy Director of the Free Press Action Fund, said his group was disappointed over the House vote. Meanwhile, an anti-CISPA petition is going strong, landing in more than 150,000 votes.