By Deirdre Walsh
Ignoring a veto threat from the White House, the House passed legislation Thursday designed to protect communications networks from cyberattacks.
The vote was 248-168.
But even as the House bill moves forward, privacy concerns about granting government agencies access to personal information transmitted on the Internet could prove to be a major obstacle to any new cybersecurity law.
House Intelligence Committee Chairman Mike Rogers, R-Michigan and a former FBI agent, said he spent the last year working on the bill because the national security risk to the United States posed by cyberattacks is one, “we are just not prepared to handle.”
“We needed to stop the Chinese government from stealing our stuff. We needed to stop the Russians from what they’re doing to our networks and people’s personal information data and resources,” Rogers said on the House floor on Thursday. “We needed to prepare for countries like
Iran and North Korea so that they don’t do something catastrophic to our networks here in America and cause us real harm to real people.”
The House bill, called the Cyber Intelligence Sharing and Protection Act, was drafted by Rogers and the committee’s top Democrat, Maryland Rep. Dutch Ruppersberger. It sets up a voluntary system for private companies to share information about any threats or attacks on their networks with U.S. national security agencies. It also gives some liability protections to those companies in return for cooperating with the government.
While the Obama administration and many congressional Democrats agree the United States needs to respond to cyberthreats, they and many outside civil liberties advocates say the House bill fails to sufficiently guard personal information. They worry the new rules allowing Internet companies to share information with the National Security Agency could give unfettered access by the intelligence community to data about any individual surfing the Web or sending e-mail.
In its statement opposing the bill and promising a veto, the administration on Wednesday said, “Cybersecurity and privacy are not mutually exclusive.”
In a reference to the George Orwell book that described a society in which government was eavesdropping on its citizens, Rep Hank Johnson, D-Georgia, said during Thursday’s debate, “I know it’s 2012 but it still feels like 1984 in the House today.”
But House Speaker John Boehner, R-Ohio, argued the administration’s insistence on specific standards and broader limitations on how much personal information can be shared goes too far.
“The White House believes the government ought to control the Internet; the government ought to set standards and the government ought to take care of everything that’s needed for cybersecurity. They’re in a camp all by themselves,” Boehner said
Proponents of the House bill said they addressed the concerns about privacy raised by many outside groups by adding provisions to narrow how government agencies can use any personal information, limiting it mainly to prosecuting crimes and preserving national security.
Some of those changes helped dampen an outside lobbying effort to defeat the bill. While the American Civil Liberties Union rallied against the measure, another group concerned about protecting privacy rights, the Center for Democracy and Technology, agreed the process needed to move forward.
California Democratic Rep Adam Schiff said he was disappointed his move to limit the transfer of personal information was not allowed a vote on Thursday. He said people want to be secure online, but “they have no idea their information is being collected in this cybernetwork, and that information is not necessary to protect ourselves from a cyberthreat. We want to minimize that.”
Schiff said companies have the capability to limit the transfer of this information, “but they would rather not have the obligation to do it.” Ruppersberger said requiring private companies to strip out all personal information was a “nonstarter” with congressional Republicans and the Internet providers who would be the ones giving the intelligence community access to their networks.
Conceding there’s a split among Democrats on the bill mainly because of the privacy concerns, Ruppersberger said the fight targeted the bipartisan House bill because “we’re the only game in town.” Still, 42 Democrats voted for the measure. Although there is a bipartisan Senate proposal offered by independent Sen. Joseph Lieberman of Connecticut and Maine Republican Sen. Susan Collins that the White House prefers, that version has not been scheduled for a vote.
Ruppersberger said the compromise bill wasn’t perfect, but said, “The most important thing is to move forward.” He warned the only thing standing in the way of protecting communications networks for businesses and individuals was inaction by Congress.