The U.S. House passed cybersecurity legislation backed by companies including Boeing Co. (BA) and AT&T Inc. (T), defying a veto threat by President Barack Obama’s administration over what it called inadequate privacy protections.
The bill gives companies immunity from lawsuits when they voluntarily share information, such as threats to computer networks and malicious source code, with each other and the U.S. government. It passed 288 to 127.
“This is not a surveillance bill,” Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, said today during debate. “It is paramount that we protect individual privacy in the conduct of sharing cyberthreat information.”
Congress is renewing a push to pass cybersecurity legislation following warnings by U.S. intelligence officials that electronic attacks could disrupt the nation’s banks, utilities, telecommunications networks and other essential services.
Senator Dianne Feinstein said in an e-mail today the Senate Intelligence Committee is “currently drafting a bipartisan information sharing bill and will proceed as soon as we come to an agreement.” Feinstein, a California Democrat, is chairwoman of the committee.
The threat of cyber attacks has for the first time become a greater concern than terrorism, James Clapper, the top U.S. intelligence official, told the House Intelligence Committee during an April 11 hearing. The Chinese army may be behind the hacking of at least 141 companies worldwide since 2006, according to a Feb. 19 report from Alexandria, Virginia-based Mandiant Corp.
The bill doesn’t require companies “to take reasonable steps” to remove personal information when sharing cybersecurity data with the government or other companies, the White House said April 16 in a statement on the veto threat.
“Citizens have a right to know that corporations will be held accountable -- and not granted immunity -- for failing to safeguard personal information adequately,” according to the administration statement.
Although some changes were made to the bill, it “does not yet adequately address our fundamental concerns,” White House spokeswoman Laura Lucas said in a statement. “We are hopeful that continued bipartisan, bicameral collaboration to incorporate our core priorities will produce cybersecurity legislation that addresses these critical issues and that the president can sign into law.”
Legal protections for companies in the legislation are too broad, the White House said in its veto threat. The bill wouldn’t prohibit companies from sharing information with the Defense Department, including the National Security Agency.
Rogers said his committee amended the bill to include greater privacy protections, such as requiring the government to minimize collection of information that could identify citizens and denying companies legal protections if they use cyberthreat data to hack each other.
The House adopted amendments to the bill yesterday and today. Most aimed to add privacy safeguards concerning how cyberthreat data is used and shared by companies and the government.
An amendment from Rogers says that nothing in the bill would authorize the Pentagon or intelligence agencies “to target a United States person for surveillance.”
An amendment from Representative Michael McCaul, a Texas Republican, says the Homeland Security Department will serve as the government’s civilian face for receiving information from companies. The amendment designates the Justice Department to serve as the hub for collecting information about cyber crimes.
McCaul likened cyberthreats to the April 15 bombing attack in Boston. “In the case in Boston they were real bombs,” he said. “In this case they’re digital bombs. And the digital bombs are on their way.”
Democrats including Representatives Adam Schiff and Anna Eshoo of California, Jan Schakowsky of Illinois and Rush Holt of New Jersey proposed amendments they said would have improved privacy protections. The Republican-controlled House Rules Committee, which sets parameters for floor debate, rejected the measures.
Along with Boeing and AT&T, the bill is supported by more than 60 companies and industry trade groups, including Comcast Corp. (CMCSA), Verizon Communications Inc. (VZ), International Business Machines Corp. (IBM), the Business Roundtable, the Financial Services Roundtable and TechAmerica.
“Improving and extending information sharing between private industry and the government is necessary to better protect our nation’s digital infrastructure and respond to the latest, evolving cyberthreats,” Kevin Richards, senior vice president for TechAmerica, wrote in a letter to House Speaker John Boehner, an Ohio Republican, and Democratic leader Nancy Pelosi of California.
The House passed a version of the bill 248-168 a year ago after the White House threatened to veto it. The legislation died when the Senate didn’t take it up.
A different cybersecurity bill in the Senate was blocked by Republicans who said it would lead to regulation.
Former Senator Joe Lieberman, a Connecticut independent who led the Homeland Security and Governmental Affairs Committee, was the driving force behind the Senate’s cyber bill last year. He didn’t run for re-election.
Senator Tom Carper, a Delaware Democrat, is the new chairman of the committee. He said in a statement today he plans to work with other senators to craft a comprehensive cybersecurity bill. He didn’t provide a timeline for doing so.
The bill is H.R. 624.
To contact the reporter on this story: Chris Strohm in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Bernard Kohn at email@example.com