House to amend cybersecurity bill, privacy group sees 'good progress'

The authors of a House cybersecurity bill said Tuesday they will offer several amendments to address the concerns of privacy groups.

After the announcement of changes by authors Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), the Center for Democracy and Technology (CDT), one of the leading groups campaigning against the bill, said it still has concerns but will "not oppose the process moving forward in the House."

"In sum, good progress has been made," CDT said in a statement. "The committee listened to our concerns and has made important privacy improvements and we applaud the committee for doing so."

ADVERTISEMENT
The Cyber Intelligence Sharing and Protection Act (CISPA) is expected to pass the House later this week.

The goal of CISPA is to help companies beef up their defenses against hackers who steal business secrets, rob customers' financial information and wreak havoc on computer systems. The bill would tear down legal barriers that discourage companies from sharing information about cyber threats. 

But civil liberties groups warned the measure would encourage companies to hand over private information to government spy agencies.

Rogers and Ruppersberger said lawmakers will offer amendments on the floor later this week to address the concerns of the privacy groups. 

One amendment would tighten limitations on how the government can use the information it collects. The government would only be able to use the information to protect against a cyber attack, investigate cyber crime, protect national security, protect against theft or bodily harm or to protect minors from child pornography. 

CDT argued that the bill should be further amended to only allow the information to be used for cybersecurity purposes.


The amendments would also narrow the definition of "cyber threat information" and would bar the federal government from retaining or using information beyond the explicit purposes of the bill. Another amendment would restrict the scope of the liability protections for companies that turn over data to the government.

The changes address many of the core concerns of privacy groups, but notably would not prevent spy agencies, such as the National Security Agency (NSA) or the CIA from accessing the information. The privacy groups argue that a domestic agency, such as the Homeland Security Department, would be a more appropriate body to handle the personal information. 

CDT said the bill still "falls short" because of the "flow of internet data directly to the NSA and the use of information for purposes unrelated to cybersecurity."

"Recognizing the importance of the cybersecurity issue, in deference to the good faith efforts made by Chairman Rogers and Ranking Member Ruppersberger, and on the understanding that amendments will be considered by the House to address our concerns, we will not oppose the process moving forward in the House. We will focus on the amendments and subsequently on the Senate," the group said.

Officials from the Electronic Frontier Foundation and the American Civil Liberties Union, which have also been campaigning against the bill, said they would need to take a close look at the amendments before they could comment.

"I am very pleased with where the bill stands today," Rogers said in a statement. "Our bill is designed to help protect American companies from advanced foreign cyber threats, like those posed by the Chinese government. It has always been my desire to do that in manner that doesn’t sacrifice the privacy and civil liberties of Americans, and I am confident that we have achieved that goal."