CISPA changes fail to win over privacy advocates

"We will work with Congress to make sure that the next version of information sharing legislation unequivocally resolves this issue, as well as tightens immunity provisions and protects personal information," Richardson added.

In the weeks leading up to Thursday's vote, privacy advocates attempted to rally opposition to CISPA. They argued that the bill would increase the pool of electronic communications that flows to the NSA without requiring companies to take steps to remove personal information from that online data first. 

CISPA aims to make it easier for companies and the government to share information about malicious source code and other cyber threats with each other so firms can thwart cyberattacks faster. While privacy groups laud the intent of the bill, they argue that CISPA does not include sufficient privacy protections to prevent people's personal information from being passed on to the government.

"CISPA is a poorly drafted bill that would provide a gaping exception to bedrock privacy law,” Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, said in a statement after CISPA passed the House. “While we all agree that our nation needs to address pressing Internet security issues, this bill sacrifices online privacy while failing to take commonsense steps to improve security."

Many privacy groups' concerns were echoed by the White House in a veto threat issued earlier this week.

The sponsors of CISPA, House Intelligence Committee leaders Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), attempted to mollify the White House and privacy groups by adopting changes into the bill that were intended bolster its privacy safeguards. Members also agreed to add a last-minute amendment to the bill that would make it more likely that companies would share threat data with the Homeland Security (DHS) and Justice departments.

Reps. Michael McCaul (R-Texas), Bennie Thompson (D-Miss.), along with Rogers and Ruppersberger, offered the amendment.

An earlier draft of that amendment, which was circulated this week, would have addressed privacy groups' concern about companies sharing threat data directly with the NSA. However, that text was dropped before the amendment was filed to the House Rules Committee this week.

Some privacy groups lauded the bill sponsors for backing McCaul's amendment to the bill, but they said it still doesn't go far enough to allay their underlying concerns with CISPA.

"While more work needs to be done to ensure that DHS has the lead, the House took a significant step in that direction today," said Greg Nojeim, senior counsel at the Center for Democracy and Technology, in a statement.

Nojeim argued the bill "invites companies to engage in reckless and negligent cybersecurity conduct that could injure others, and insulates that conduct against criminal and civil liability."