The House on Thursday approved controversial cybersecurity legislation that the Obama administration has threatened to veto.
Members approved the Cyber Intelligence Sharing and Protection (CISPA) act, H.R. 3523, in a 248-168 vote that split both parties somewhat. The bill was supported by 42 Democrats, while 28 Republicans opposed it.
CISPA would make it easier for companies to share information with the government about the threats facing their networks. Supporters — Republicans and Democrats alike — said the proposal is a reasonable compromise between the need for privacy and security.
"The intelligence community has the ability to detect these cyber threats, these malicious codes and viruses, before they are able to attack our networks," said Intelligence Committee ranking member Dutch Ruppersberger (D-Md.). "But right now, federal law prohibits our intelligence community from sharing the classified cyber threat with the companies that will protect us that control the network, the AT&Ts, the Verizons, the Comcasts, those groups.
"We have the ability to give them the information to protect us, but yet we have to pass a law to do that."
The bill enjoyed strong bipartisan support before the administration issued a veto threat and sided with privacy advocates who argue the bill does not do enough to protect consumers' private information. The White House also wants regulatory mandates for critical infrastructure providers, which are not contained in CISPA.
Ruppersberger said earlier Thursday that Obama's veto threat of his bill was like a "kick in the solar plexus".
It also seemed to have the effect of peeling Democrats off the bill, as several Democrats took up Obama's arguments during floor debate.
"In an effort to foster information sharing, this bill would erode the privacy protections of every single American using the Internet," said Rep. Bennie Thompson (D-Miss.). "It would create a Wild West of information sharing, where any certified business can share with any government agency, who can then use the information for any national security purpose and grant the business immunity from virtually any liability."
Rep. Jared Polis (D-Colo.) added that the bill is an "unprecedented, sweeping piece of legislation that would waive every single privacy law ever enacted in the name of cybersecurity."
Republicans did allow several amendments to be considered that narrowed the scope of the bill, including proposals from members of both parties. One from Rep. Ben Quayle (R-Ariz.) would allow the government to use the information it collects only for five purposes, all related to protecting people and prosecuting crimes.
Others would prohibit the government from using certain electronic data as it works to fight cyber threats, narrow the definition of what information can be shared, and encourage the government to create procedures to protect privacy.
Even before those amendments, supporters argued that the bill has enough safeguards in it to ensure the privacy of consumer data.
"The bill includes significant safeguards to protect personal and private information," Rep. Rich Nugent (R-Fla.) said. "It significantly limits the federal government's use of that information that the private companies voluntarily provide, including the government's authority to search data."
The bill is one of four cybersecurity bills the House is expected to consider this week. The others are the Federal Information Security Amendments act (H.R. 4257), the Cybersecurity Enhancement act (H.R. 2096), and the Advancing America's Networking and Information Technology Research and Development act (H.R. 3834). House Republicans have put these three bills on the suspension calendar, a process usually reserved for non-controversial bills that will require them to pass by a two-thirds majority vote.