House makes concession to privacy advocates on cybersecurity bill

Just before voting on the rule, Republicans proposed amending it to allow for consideration of a pro-privacy amendment. The amendment, to be offered by House Homeland Security Committee Chairman Mike McCaul (R-Texas), would require the Departments of Justice and Homeland Security to set up an entity to receive cyber threat information from companies.

Members were known to be considering an amendment to that effect throughout the week. The decision to make it in order — and its possible passage — is a victory for privacy advocates who are worried that in the process of sharing information with the government, companies might give the government personal information from customers as well.

On Wednesday, Rules Committee Chairman Pete Sessions (R-Texas) explained on the floor that the amendment was not quite ready when the Rules Committee made in order 12 other amendments on Tuesday.

"This amendment was in negotiation yesterday, and submitted for consideration in the Rules Committee, but the final compromise was not ready at the time the committee finished its work product yesterday evening," Sessions said.

The amendment is also backed by Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), the sponsors of CISPA, and Bennie Thompson (D-Miss.).

Ruppersberger said the bill's sponsors decided to work on the amendment with their colleagues to address the White House's concerns and ensure the measure gets to the president's desk for signature.

"Rogers and I are just trying to deal with the issue of the White House concerns, realizing that if we pass a bill here and it doesn't pass the Senate and the president doesn't sign it, we have no bill," Ruppersberger said. "This threat is so severe, the cyber threat, that we have to do something."

"This is a huge concession," he said.

Soon after Sessions explained the change, Rep. Rob Woodall (R-Ga.) proposed an amendment to the rule, which was quickly approved by unanimous consent. The House then approved the rule in a 227-192 vote.

During the debate, Woodall praised the bill as a way to lift the restrictions now in place that prevent public-private cooperation and coordination in fighting cyber attacks. He also said the bill as written already provides protections for consumers that will help prevent their personal information from being handed over to the government.

"Page after page… talks about how we as citizens must, must, must continue to be safe and secure in the privacy of our own information," he said.

Democrats disagreed, and said the bill is written in a way that could allow companies to violate their own agreements to protect personal data.

"If this bill were law, the company you gave that information to could then turn around, in violation of their own terms of use, and provide all that information to the government," Rep. Jared Polis (D-Colo.) said.

Other Democrats argued that the rule as approved does not make in order amendments that would require companies to make "reasonable efforts" to remove personal data before sending information to the government. The absence of language to that effect is one of the reasons why the Obama administration threatened to veto the bill this week.

"The administration… remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities," the White House said. "Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately."

With the rule passed, the House moved immediately to debate the bill, and was expected to vote on several amendments to the legislation today. Final passage is expected Thursday.

— This story was updated at 2:54 p.m.