WASHINGTON (Reuters) - The U.S. House of Representatives passed a cybersecurity bill on Thursday that would allow the government and companies to share information about hacking, but which has raised privacy concerns and a veto threat from the White House.
The House approved the bill 248-168, prompting the top Republican and Democrat on the intelligence committee who sponsored it to issue a joint statement lauding the bipartisan approval.
“Economic cyber spies will have a harder time stealing American business plans and research and development as the House took the first step today by passing a cybersecurity bill that will help U.S. companies better protect themselves from dangerous economic predators,” the statement said.
The legislation allows federal agencies such as the National Security Agency, an intelligence agency that eavesdrops overseas and protects classified U.S. government computer networks, to share secret cyber threat information with American companies to help the private sector protect its networks.
Critics had raised privacy concerns that the sharing in return of “threat information” from private network operators to the government was so broad as to allow the NSA to effectively collect data on American communications, which is generally prohibited by law.
House intelligence committee chairman Mike Rogers and senior Democrat C.A. “Dutch” Ruppersberger said changes had been made to the legislation to strengthen privacy provisions, and that Facebook, the U.S. Chamber of Commerce, Boeing, AT&T and others had supported it.
“We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia,” Rogers said.
But amendments favored by engineering experts and civil rights advocates were not adopted. The legislation would still allow the information from private companies to be used for intelligence and national security purposes, not just cybersecurity.
The House bill would essentially override “important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards,” the White House said in a statement Wednesday.
“The bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.”
The administration also faulted the bill’s grants of broad immunity from privacy and antitrust lawsuits to the private companies that share threat information with the government and with corporate competitors.
The outlook for the House legislation in the current form is uncertain. It matches up with a Senate bill introduced by Republican John McCain, but Democrats, who control the chamber, are aligned behind a broader bill authored by Senator John Rockefeller and others.
The White House strongly supports that bill, which has provisions that would allow the Department of Homeland Security to direct companies maintaining critical infrastructure, such as water and power utilities, to meet new standards.
The American Civil Liberties Union said the House bill would allow companies to share private information with the government without a warrant and proper oversight.
“Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity,” Michelle Richardson, ACLU legislative counsel, said in a statement.
Additional reporting by Joseph Menn; Editing by Lisa Shumaker