Intel panel chiefs seek to rally support for cybersecurity bill

The leaders of the House Intelligence Committee on Monday said they will back a set of amendments to their cybersecurity bill that are intended to allay the concerns of privacy advocates and the White House.

House Intelligence Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) told reporters on a conference call that the amendments to the Cyber Intelligence Sharing and Protection Act (CISPA) are intended to correct misperceptions about the bill and the effect it will have on people's private information.

"It's not a surveillance bill," Rogers said.

ADVERTISEMENT
The proposed changes are primarily aimed at addressing the outcry from privacy advocates about CISPA, but they will likely not be enough to mollify their top concerns with the measure.

The aim of CISPA is to remove the legal hurdles that impede industry and the government from sharing data about online threats with one another so cyberattacks are thwarted in real time. The Intelligence Committee will mark up the bill on Wednesday.

Chief among the proposed changes is an amendment that would narrow how law enforcement can use cyberthreat data it receives from companies. The amendment would strike a provision that would allow the government to broadly use the information for "national security purposes."

Privacy advocates argued law enforcement could interpret the provision broadly so it would allow them to take action against people for non-cybersecurity matters, such as illegal immigration or tax issues.

Given the "wide misunderstanding about what this provision actually did," Rogers said the bill sponsors "decided we'd take that up and deal with it another day."

Yet one proposed amendment will fall short of privacy groups' suggested changes to the bill. The amendment would require government agencies to strip personally identifiable information — such as people's email addresses or phone numbers — from the threat information they receive from companies.

Privacy groups had pushed for the bill sponsors to include a measure that would require companies to take reasonable steps to remove this personal information from the threat data they pass on to the government.

The other proposed amendments would limit companies' use of cyberthreat information they receive from the government so it can be used strictly for cybersecurity purposes. The two Intelligence Committee leaders said they will also support amendments that will include additional oversight measures to the bill.

They will also back another amendment that states the bill does not give companies authority to launch retaliatory hacker attacks against other entities that have stolen trade secrets and other data from them.

The House Intelligence chairman and ranking member described the proposed bill changes on the conference call but did not release text for them. A House Intelligence Committee staffer said the text is still being finalized ahead of the markup.

None of the proposed amendments deal with privacy advocates' top concern with the bill. They fear it would allow companies to share cyberthreat data directly with the National Security Agency, without a civilian agency like the Homeland Security Department handling the information first. They note that civilian agencies are subject to more congressional oversight, unlike the secretive spy agency.

"The effect of that is to shift the control of the cyberprogram from civilian hands to a secretive military agency," said Greg Nojeim, senior counsel at the Center for Democracy and Technology. "It'll be very difficult for there to be any transparency or any accountability if that shift happens."

Nojeim declined to comment on the specific amendments outlined by the committee leaders on the conference call because he has not seen the text of them yet.

A staffer for the House Intelligence Committee said other members on the committee will offer the amendments during Wednesday's markup, but Rogers and Ruppersberger may introduce a small managers amendment that outlines technical changes to the bill.

Last year the White House issued a veto threat the day before CISPA went to the House floor for a vote, in part, because of privacy concerns it had with the measure.

Rogers said they "continue to have a working dialogue with the White House" about the bill. He added that "we are closer" to agreement with the White House on some areas of the bill, but "haven't gotten closer" on other areas.

He declined to comment further on the outstanding concerns that the administration has with the bill. 

This post was updated at 7:10 p.m.