House passes CISPA

The controversial Cybersecurity Intelligence Sharing and Protection Act passed April 18 in the House by a margin of 288-127, joining three other cybersecurity bills that will move forward for Senate consideration.

CISPA passed the House last year as well, but died in the Senate amid privacy and civil liberties concerns as well as a White House veto threat. The latest vote drew praise from information-sharing advocates but, as in the past, ignited a firestorm of criticism as well.

"I am very proud that so many of my colleagues were able to look past the distortions and fear-mongering about this bill, and see it for what it really is -- a very narrow and focused authority to share cybersecurity threat information to keep America safe," said Rep. Mike Rogers, (R-Mich.), who co-sponsored the bill. "I look forward to working with my Senate colleagues to get cyber threat information sharing legislation passed into law this year."

Some parties -- IT trade groups, Capitol Hill backers of the legislation -- applauded CISPA's passage, characterizing it as a step toward comprehensive cybersecurity legislation. In particular, the bill's measures addressing information-sharing between private companies and the government garnered praise.

"Early detection and notification of cybersecurity threats is the most critical component of preventing and mitigating attacks as well as increasing security across the board," said Ken Wasch, president of the Software and Information Industry Association. "CISPA creates the necessary flexibility for businesses to share security information without fear of legal or regulatory liability."

However, other organizations voiced concerns over privacy and civil liberties threats the bill could pose by allowing companies, including Internet service providers, to furnish the government with information on citizens' online activities.

"CISPA is an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose, even directly with military agencies like the [National Security Agency], without first stripping out personally identifiable information," said Michelle Richardson, a legislative counsel at the ACLU's Washington Legislative Office. "We will work with Congress to make sure that the next version of information sharing legislation unequivocally resolves this issue, as well as tightens immunity provisions and protects personal information. Cybersecurity can be done without sacrificing Americans' privacy online."

According to reports, work is now under way in the Senate to draft a cybersecurity bill.